[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]
EMPLOYMENT ELIGIBILITY
VERIFICATION SYSTEMS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON SOCIAL SECURITY
of the
COMMITTEE ON WAYS AND MEANS
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED TENTH CONGRESS
FIRST SESSION
__________
JUNE 7, 2007
__________
Serial No. 110-45
__________
Printed for the use of the Committee on Ways and Means
U.S. GOVERNMENT PRINTING OFFICE
47-008 WASHINGTON : 2009
----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON WAYS AND MEANS
CHARLES B. RANGEL, New York, Chairman
FORTNEY PETE STARK, California JIM MCCRERY, Louisiana
SANDER M. LEVIN, Michigan WALLY HERGER, California
JIM MCDERMOTT, Washington DAVE CAMP, Michigan
JOHN LEWIS, Georgia JIM RAMSTAD, Minnesota
RICHARD E. NEAL, Massachusetts SAM JOHNSON, Texas
MICHAEL R. MCNULTY, New York PHIL ENGLISH, Pennsylvania
JOHN S. TANNER, Tennessee JERRY WELLER, Illinois
XAVIER BECERRA, California KENNY HULSHOF, Missouri
LLOYD DOGGETT, Texas RON LEWIS, Kentucky
EARL POMEROY, North Dakota KEVIN BRADY, Texas
STEPHANIE TUBBS JONES, Ohio THOMAS M. REYNOLDS, New York
MIKE THOMPSON, California PAUL RYAN, Wisconsin
JOHN B. LARSON, Connecticut ERIC CANTOR, Virginia
RAHM EMANUEL, Illinois JOHN LINDER, Georgia
EARL BLUMENAUER, Oregon DEVIN NUNES, California
RON KIND, Wisconsin PAT TIBERI, Ohio
BILL PASCRELL, JR., New Jersey JON PORTER, Nevada
SHELLEY BERKLEY, Nevada
JOSEPH CROWLEY, New York
CHRIS VAN HOLLEN, Maryland
KENDRICK MEEK, Florida
ALLYSON Y. SCHWARTZ, Pennsylvania
ARTUR DAVIS, Alabama
Janice Mays, Chief Counsel and Staff Director
Brett Loper, Minority Staff Director
______
SUBCOMMITTEE ON SOCIAL SECURITY
MICHAEL R. MCNULTY, New York, Chairman
SANDER M. LEVIN, Michigan SAM JOHNSON, Texas
EARL POMEROY, North Dakota RON LEWIS, Kentucky
ALLYSON Y. SCHWARTZ, Pennsylvania KEVIN BRADY, Texas
ARTUR DAVIS, Alabama PAUL RYAN, Wisconsin
XAVIER BECERRA, California DEVIN NUNES, California
LLOYD DOGGETT, Texas
STEPHANIE TUBBS JONES, Ohio
Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public
hearing records of the Committee on Ways and Means are also published
in electronic form. The printed hearing record remains the official
version. Because electronic submissions are used to prepare both
printed and electronic versions of the hearing record, the process of
converting between various electronic formats may introduce
unintentional errors or omissions. Such occurrences are inherent in the
current publication process and should diminish as the process is
further refined.
C O N T E N T S
__________
Page
Advisory of June 7, 2007, announcing the hearing................. 2
WITNESSES
Frederick G. Streckewald, Assistant Deputy Commissioner for
Program Policy Office of Disability and Income Security
Programs, Social Security Administration....................... 6
Steve Schaeffer, Assistant Inspector General for the Office of
Audit, Social Security Administration Office of the Inspector
General........................................................ 9
Richard Stana, Director of Homeland Security and Justice,
Government Accountability Office............................... 11
Tyler Moran, Employment Policy Director, National Immigration Law
Center, Boise, Idaho........................................... 34
Angelo I. Amador, Director of Immigration Policy, U.S. Chamber of
Commerce....................................................... 46
Sue Meisinger, The Human Resource Initiative for a Legal
Workforce, Society for Human Resource Management, Alexandria,
Virginia....................................................... 63
Peter Neumann, Principal Scientist, Computer Science Laboratory,
SRI International, Menlo Park, California, on behalf of U.S.
Public Policy Committee of the Association for Computing
Machinery...................................................... 68
Marc Rotenberg, Executive Director, Electronic Privacy
Information Center............................................. 77
SUBMISSIONS FOR THE RECORD
National Border Patrol, statement................................ 96
EMPLOYMENT ELIGIBILITY
VERIFICATION SYSTEMS
----------
THURSDAY, JUNE 7, 2007
U.S. House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security
Washington, DC.
The Subcommittee met, pursuant to notice, at 10:01 a.m., in
Room B-318, Rayburn House Office Building, Hon. Michael R.
McNulty (Chairman of the Subcommittee) presiding.
[The Advisory of the hearing follows:]
ADVISORY
FROM THE
COMMITTEE
ON WAYS
AND
MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
CONTACT: (202) 225-1721
FOR IMMEDIATE RELEASE
June 07, 2007
SS-3
McNulty Announces A Hearing on Employment
Eligibility Verification Systems
Congressman Michael R. McNulty (D-NY), Chairman, Subcommittee on
Social Security of the Committee on Ways and Means, today announced
that the Subcommittee will hold a hearing on current and proposed
employment eligibility verification systems and the role of the Social
Security Administration in authenticating employment eligibility. The
hearing will take place on Thursday, June 7, in room B-318 Rayburn
House Office Building, beginning at 10 a.m.
In view of the limited time available to hear witnesses, oral
testimony at this hearing will be from invited witnesses only. However,
any individual or organization not scheduled for an oral appearance may
submit a written statement for consideration by the Subcommittee and
for inclusion in the printed record of the hearing.
BACKGROUND:
Since 1986, United States immigration law has prohibited employers
from knowingly hiring or continuing to employ aliens who are not
authorized to work under the Immigration and Nationality Act (INA). All
employers are required to request that employees, once hired, produce
documents that show they are authorized to work in the United States.
Verification of the validity of the documents is not mandatory. The
Social Security card is one of a number of items that an employee may
use in combination with other identity documents to demonstrate work
authorization.
While the Department of Homeland Security (DHS) is responsible for
enforcing the INA prohibitions on unauthorized employment, the Social
Security Administration (SSA) plays a key role in the verification
process. Since 1996, employers have had the option of verifying names
and Social Security numbers (SSNs) of new hires against SSA's database
through an employment eligibility verification system (EEVS, formerly
known as the Basic Pilot) operated jointly by SSA and DHS. Until 2003,
the Basic Pilot was restricted to operate in only five states, but has
since been expanded nationally. Currently, about 16,700 employers at
73,000 hiring sites (less than 1 percent of all establishments)
participate in the EEVS. Most participating employers do so
voluntarily, but some are required to use the EEVS by law or because of
prior immigration violations.
In 2006, the system received over 1.6 million requests for
verification. Of these, 1.4 million cases were resolved by SSA. The
bulk of the remaining cases were referred to DHS for further
verification of work-eligibility.
The Government Accountability Office (GAO) and the SSA Inspector
General have found that the current system is hampered by inaccuracies
in the records maintained by DHS and SSA. GAO and other auditors also
have found that the current EEVS is vulnerable to identification
document fraud, prohibited and privacy-violating uses by employers, as
well as discriminatory abuse.
Recent immigration reform proposals have included provisions to
expand some version of an employment eligibility verification system.
Some of the proposals would build on the current EEVS and require
employers to verify all new hires, making the system mandatory for all
7.4 million private and 90,000 public sector employers in the United
States. These employers account for 60 million hires per year,
according to SSA. Other proposals include a requirement that the Social
Security card be enhanced with tamper-proof, counterfeit-resistant or
biometric features.
In announcing the hearing, Chairman McNulty stated ``If employment
eligibility verification is to be a key enforcement tool for
immigration policy, we must ensure the system is effective, efficient
and feasible. We need a better understanding of the possible
consequences and impact on the Social Security Administration if they
are to undertake this expanded responsibility without compromising
their core mission of administering Social Security.''
FOCUS OF THE HEARING:
The hearing will examine the current EEVS system and proposed
expansions, including the potential costs and increased workloads that
would be faced by SSA. The hearing also will examine the potential
impact on workers and employers; how it would interact with REAL ID and
other identification methods; and the privacy implications, especially
in light of proposed data-sharing arrangements between agencies.
DETAILS FOR SUBMISSION OF WRITTEN COMMENTS::
Please Note: Any person(s) and/or organization(s) wishing to submit
for the hearing record must follow the appropriate link on the hearing
page of the Committee website and complete the informational forms.
From the Committee homepage, http://waysandmeans.house.gov, select
``110th Congress'' from the menu entitled, ``Committee Hearings''
(http:waysandmeans.house.gov/Hearings.asp?congress=18). Select the
hearing for which you would like to submit, and click on the link
entitled, ``Click here to provide a submission for the record.'' Once
you have followed the online instructions, completing all informational
forms and clicking ``submit'' on the final page, an email will be sent
to the address which you supply confirming your interest in providing a
submission for the record. You MUST REPLY to the email and ATTACH your
submission as a Word or WordPerfect document, in compliance with the
formatting requirements listed below, by close of business Thursday,
June 21, 2007. Finally, please note that due to the change in House
mail policy, the U.S. Capitol Police will refuse sealed-package
deliveries to all House Office Buildings. For questions, or if you
encounter technical problems, please call (202) 225-1721.
FORMATTING REQUIREMENTS:
The Committee relies on electronic submissions for printing the
official hearing record. As always, submissions will be included in the
record according to the discretion of the Committee. The Committee will
not alter the content of your submission, but we reserve the right to
format it according to our guidelines. Any submission provided to the
Committee by a witness, any supplementary materials submitted for the
printed record, and any written comments in response to a request for
written comments must conform to the guidelines listed below. Any
submission or supplementary item not in compliance with these
guidelines will not be printed, but will be maintained in the Committee
files for review and use by the Committee.
1. All submissions and supplementary materials must be provided in
Word or WordPerfect format and MUST NOT exceed a total of 10 pages,
including attachments. Witnesses and submitters are advised that the
Committee relies on electronic submissions for printing the official
hearing record.
2. Copies of whole documents submitted as exhibit material will not
be accepted for printing. Instead, exhibit material should be
referenced and quoted or paraphrased. All exhibit material not meeting
these specifications will be maintained in the Committee files for
review and use by the Committee.
3. All submissions must include a list of all clients, persons,
and/or organizations on whose behalf the witness appears. A
supplemental sheet must accompany each submission listing the name,
company, address, telephone and fax numbers of each witness.
Note: All Committee advisories and news releases are available on
the World Wide Web at http://waysandmeans.house.gov.
The Committee seeks to make its facilities accessible to persons
with disabilities. If you are in need of special accommodations, please
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four
business days notice is requested). Questions with regard to special
accommodation needs in general (including availability of Committee
materials in alternative formats) may be directed to the Committee as
noted above.
Chairman MCNULTY. I want to welcome all of our witnesses
and all of our guests here today. Our hearing today will focus
on current and proposed systems for verifying the employment
eligibility of American workers under immigration law.
We are particularly interested in the impact of these
proposals on the Social Security Administration, an agency in
which this Subcommittee has a keen interest, and which already
is very busy administering retirement, disability, and survivor
benefits.
The employment eligibility verification process relies
heavily on SSA to confirm the validity of Social Security
numbers assigned to workers. We currently have a modest
employment eligibility verification system, formerly called
Basic Pilot and now called EEVS. It is used by about 17,000
employers at 73,000 hiring sites.
The major immigration reform proposals being considered all
envision a massive expansion of the system to cover all
employers, at an estimated 7\1/2\ million hiring sites. These
employers account for about 60 million hiring decisions per
year.
This expansion would present a very substantial new burden
on SSA, which would receive upward of 60 million queries per
year. If an employee's information does not match SSA's
records, he or she must contact SSA, often in person, to
present documentation and correct the record in order to keep
their job.
We will hear from SSA and other experts about how there are
errors and discrepancies in the databases that would be used by
the system. Even a low error rate of 4 percent, the estimated
percentage of errors in a key SSA database, would result in
millions of American workers having to contact SSA before they
can be hired. Most of them would be U.S. citizens.
We will also hear from an EPR panel of witnesses who will
testify on how the proposed system would impact workers, their
employers, and the privacy rights of American taxpayers, all of
whom will be affected by the proposed EEVS legislation.
Finally, we must also be wary of proposals that depend on
the Social Security Administration to create a new national ID
card, which is very costly and runs counter to efforts here and
in the states to combat identity theft.
If EEVS is to be a key enforcement tool for immigration
policy, we must ensure that the system is effective, efficient,
and feasible for SSA, for employers, and for employees. We must
also ensure that if SSA is going to be given a major new role
in enforcing immigration law, it must be provided with adequate
resources to fulfill this new charge without compromising its
core duty to administer Social Security.
At this time I would like to yield to my very good friend,
distinguished veteran, and colleague, Sam Johnson, for an
opening statement.
Mr. JOHNSON. Thank you, Mr. Chairman. I thank my colleague
from New York. With New York and Texas on board, we can
probably get it done. What do you think, Sandy?
Mr. LEVIN. I think so. That is called power.
Mr. JOHNSON. I appreciate you holding this hearing on
current and proposed employment eligibility verification
systems. I support helping employers who want to do the right
thing and obey our immigration laws. I want to see our
immigration laws enforced to deter those employers from
knowingly breaking the law and hiring illegal immigrants.
Because ID verification is an essential component of
worksite enforcement, I want to protect workers from having
their identities stolen by someone working under their name and
their Social Security number.
Right now the Social Security Administration works with the
Department of Homeland Security to help employers voluntarily
verify the identifying information and employment eligibility
of their new hires. This verification system, known as the
Employment Eligibility Verification System, or EEVS, formerly
referred to as the Basic Pilot Program. Now any employer can
use it for free if they choose.
Our colleagues in the Senate are now debating immigration
overhaul. One section of the Senate bill would require
employers to verify that all their employees are work-
authorized. In other words, for the first time, businesses
would be required to obtain Federal approval for their
employees from a law enforcement agency.
I find this to be a little chilling, and I think most
Americans would oppose having to go through a law enforcement
agency to gain work authorization. Also, this new and unfunded
employer mandate would place significant burdens on employers,
particularly small business, and the Social Security
Administration.
GAO and others have raised concerns regarding the accuracy
of the underlying databases this system would rely on and
whether responses would be timely if all employers were
required to use the system, as opposed to less than 1 percent
of employers using the system today.
Worse, the current system relies on a number of so-called
identity documents which don't stop identity thieves or the
creation of false documents. We need to find common sense
solutions to these problems.
The lure of employment opportunities in the United States
has long been acknowledged as a major reason for immigration,
both legal and illegal. Cutting off the demand for illegal
workers through enforcement of employment laws will help us
secure our borders.
This Subcommittee has had eight hearings in the past 4
years focusing on Social Security number verification as well
as ID issues. It is now time for us to improve the employment
eligibility verification process so that American employers can
confidently hire people to work. Today's witnesses will help us
determine the best way how.
Thank you, Mr. Chairman.
Chairman MCNULTY. I thank the distinguished Ranking Member.
Without objection, any additional opening statements by Members
of the Committee will be included in the record. Of course, the
statements by the witnesses will be included in the record in
their entirety. We would ask, as usual, that in your testimony,
you summarize your testimony within about 5 minutes so that we
can allow for a maximum amount of time for the various
questions.
Panel No. 1 consists of Frederick Streckewald, Assistant
Deputy Commissioner for Program Policy, Office of Disability
and Income Security Programs, of SSA; Steve Schaeffer,
Assistant Inspector General for the Office of Audit, Social
Security Administration, Office of the Inspector General; and
Richard Stana, Director of Homeland Security and Justice,
Government Accountability Office.
I thank all of you for being here today. We will start with
Mr. Streckewald, and take all of your testimony together, and
then proceed to questions.
Mr. Streckewald.
STATEMENT OF FREDERICK G. STRECKEWALD, ASSISTANT DEPUTY
COMMISSIONER FOR PROGRAM POLICY, OFFICE OF DISABILITY AND
INCOME SECURITY PROGRAMS, SOCIAL SECURITY ADMINISTRATION
Mr. STRECKEWALD. Mr. Chairman and Members of the
Subcommittee, thank you for inviting me here today to discuss
SSA's role in helping to administer the Department of Homeland
Security's Employment Eligibility Verification System or EEVS.
This system, formerly known as the Basic Pilot Program, allows
employers to verify the employment eligibility information
provided by newly hired employees.
Worksite enforcement is key to successful immigration
reform, and a critical component of worksite enforcement is a
strong employer verification system. The Administration
supports mandatory participation in an employment eligibility
verification system by all United States employers. We are
pleased that you are holding the hearing today to discuss the
impact of the expansion of EEVS on SSA, employers, and their
employees.
Let me begin with a little background on the current
system. In 1996, Congress enacted the Immigration Reform and
Immigrant Responsibility Act, which required testing three
alternative methods of providing an effective,
nondiscriminatory employment eligibility confirmation process.
The current EEVS was one of these methods.
Today there are more than 17,000 employers participating in
EEVS at more than 77,000 worksites. So, far in 2007, we have
handled more than 1.8 million queries, an increase of 96
percent over the same period last year.
Employers participate voluntarily, and they register with
DHS to use the automated system to verify an employee's Social
Security number and work authorization status. The employer
submits to the system information from the employee Form I-9.
DHS then sends this information to SSA to verify for all new
employees that the Social Security number, name, and date of
birth match SSA records.
For individuals alleging U.S. citizenship, SSA will also
confirm citizenship status, thereby confirming work
authorization. For all non-citizens, if there is a match with
SSA, DHS then determines the current work authorization status.
DHS then notifies the employer of the result. Ninety-two
percent of initial verification queries are confirmed within
seconds.
Proposals pending in Congress would require all employers
in the United States to use the EEVS to verify employment
eligibility and the identity of all new hires. These proposals
would phase in participation over a period of time. Every year,
however, approximately 60 million individuals start a new job.
Therefore, we would expect mandatory participation to have a
substantial effect on our Agency.
SSA's role in EEVS relies upon the information in our
Numident database, which houses the name, date of birth, and
Social Security number of more than 441 million individuals. We
have great confidence in the integrity of the Numident, but in
any large system of records there will be some that require
updating or correcting.
Our current experience with voluntary EEVS shows that for
every 100 queries submitted to the system, SSA field offices or
phone representatives are contacted three times. We anticipate
that in a mandatory system, the percentage of individuals
coming to us will be higher than in the current voluntary
system.
If Congress enacts a mandatory EEVS, it is crucial that the
tools and resources be in place to ensure that the system works
efficiently and effectively, and that the proper safeguards are
built in to guarantee that United States citizens and work-
authorized non-citizens receive prompt confirmation of their
work authorization status.
Again, thank you for inviting me here today. We are
grateful for your ongoing efforts to ensure the Agency has the
funding it needs to accomplish its mission. On behalf of SSA, I
want to thank you for your continuing support for the Agency,
for our mission, and for our dedicated workforce.
I will be happy to answer any questions you may have.
[The prepared statement of Mr. Streckewald follows:]
Chairman MCNULTY. Thank you.
Prepared Statement of Frederick G. Streckewald, Assistant Deputy
Commissioner for Program Policy, Office of Disability and Income
Security Programs, Social Security Administration
Mr. Chairman and Members of the Subcommittee:
Thank you for inviting me here today to discuss the Social Security
Administration's (SSA's) role in helping to administer the Department
of Homeland Security's (DHS) Employment Eligibility Verification System
(EEVS). This system, formerly known as the Basic Pilot Program, allows
employers to verify the employment eligibility information provided by
newly hired employees.
Worksite enforcement is key to successful immigration reform, and a
critical component of worksite enforcement is a strong employer
verification system. The Administration supports--and proposals
currently pending before Congress incorporate--mandatory participation
in an employment eligibility verification system by all United States
employers. We are pleased that you are holding this hearing today to
discuss the impact of the expansion of EEVS on SSA, employers and their
employees. We are keenly aware of the need to ensure that the system
works the way it is intended.
The History of the Current Voluntary System
The Immigration Reform and Control Act (IRCA) of 1986 required
employers for the first time to examine worker documents to check the
employment eligibility of newly hired employees. Ten years later, in
1996, Congress enacted the Illegal Immigration Reform and Immigrant
Responsibility Act (IIRIRA), which required testing three alternative
methods of providing an effective, nondiscriminatory employment
eligibility confirmation process; the current EEVS was one of the three
methods.
The law required the voluntary EEVS to be implemented in a minimum
of 5 of the 7 States with the highest estimated population of
noncitizens not lawfully present in the United States. The five states
were California, Florida, Illinois, New York and Texas.
In March 1999, Nebraska was added to assist employers in the
meatpacking industry. Employers in those six states were also allowed
to include their work sites located in other states. In 2002, Congress
extended authorization for the system for an additional 2 years. In
2003, Congress again extended the EEVS and expanded the voluntary
participation to include employers in all 50 States. The system will
expire in 2008 under current law.
In December 2004, before the nationwide expansion, there were 2,924
participating employers. Today, there are more than 17,000 employers
participating in the EEVS at more than 77,000 sites, and participation
is growing by more than 1,000 employers every month. As the number of
participating employers has grown, so has the number of queries we
handle. In Fiscal Year (FY) 2005, SSA handled approximately 980,000
queries; in FY 2006, we handled over 1,740,000. So far, in FY 2007, we
have handled more than 1,800,000 queries, an increase of 96 percent
over the same period last year.
The Process
Employers participate voluntarily and register with DHS to use the
automated system to verify an employee's SSN and work authorization
status. The employer inputs information into the system from the Form
I-9, the Employment Eligibility Verification Form. DHS then sends this
information to SSA to verify for all new employees that the Social
Security number, name, and date of birth submitted match information in
SSA records. For individuals alleging United States citizenship, SSA
will also confirm citizenship status, thereby confirming work
authorization. For all non-citizens, if there is a match with SSA, DHS
then determines the current work authorization status. Within three to
five seconds, through the system, DHS notifies the employer of the
result; employment authorized, SSA tentative nonconfirmation, DHS
verification in progress, or DHS tentative nonconfirmation.
Ninety-two percent of initial verification queries are confirmed
within seconds. If SSA cannot confirm that the information matches SSA
records or cannot confirm United States citizenship, DHS will notify
the employer of the SSA tentative nonconfirmation. The employer must
notify the employee of the tentative nonconfirmation in order to
provide the employee the opportunity to contest that finding. If the
employee contests the tentative nonconfirmation, he or she has eight
days to visit an SSA office with the required documents to correct the
SSA record. The employer must re-query the system to verify that the
tentative nonconfirmation has been resolved.
SSA has a good ongoing working relationship with DHS. Together, we
continue to work to improve upon the operation of the current system--
to make it work more efficiently and more smoothly for employers and
their employees. We have begun laying the groundwork to increase our
capacity to handle substantially heavier volumes of verification
transactions, as the voluntary program continues to grow. If Congress
mandates the use of the system, these improvements will facilitate
nationwide expansion.
Mandatory Participation
There are several proposals now pending in Congress that would
require all employers in the United States to use the EEVS to verify
the employment eligibility and identity of all new hires. The bills we
have seen provide for some kind of phased-in approach to mandatory
participation and require employers operating in the Nation's critical
infrastructures to be the first participants. Some proposals also
require employers to verify the employment eligibility and identity of
their entire workforce and to periodically re-verify the work
authorization status of individuals whose temporary work authorization
is set to expire.
As I mentioned earlier, SSA and DHS are already working to lay the
groundwork for broader employer participation in the current EEVS.
Every year, approximately 60 million individuals start a new job.
Therefore, we would expect mandatory participation to have a
substantial effect on our Agency. It is vitally important that, when
Congress makes a decision regarding the implementation of a mandatory
program, we have adequate lead-time and resources. With these tools, we
can effectively expand the EEVS and ensure that it works successfully
without impinging on our ability to handle our other workloads.
SSA Records
SSA matches information submitted by the employer against the
information in our Numident database, which houses the identifying
information, including name, date of birth, and SSN of more than 441
million individuals. We have great confidence in the integrity of the
Numident information. In fact, in a December 2006 report issued to
Congress, SSA's Office of Inspector General (OIG) commended the
accuracy of Numident information.
Of course, in any large system of records, there will be records
that require updating or correcting. For example, the OIG found
discrepancies in 4.1 percent of Numident records that might lead to
tentative nonconfirmations and that 7 percent of naturalized citizens
had not updated their Numident records to reflect their new citizenship
status. In the administration of our programs, we update or correct our
records at the time an individual applies for a replacement card,
requests a change in the record--a name change, for example--or applies
for a Social Security benefit. As part of the process to correct our
records, we need to verify the identity of the individual whose records
we are updating and the information we are adding to the individual's
records. That is why virtually all of these changes are made during a
face-to-face interview in our field offices.
One way we provide individuals the opportunity to review and, if
necessary, correct their wage records is the annual Social Security
Statement that goes to each worker 25 years or older. The Statement
provides individuals with an annual report of wages recorded. In FY
2006, SSA mailed approximately 145 million Statements.
Our current experience with voluntary EEVS shows that for every 100
queries submitted to the System, SSA field offices or phone
representatives are contacted three times. As the number of
participating employers increases, the number of related contacts with
SSA will also increase. We anticipate that in a mandatory system the
percentage of individuals coming to us will be higher than in the
current voluntary system.
As you know, the Agency is currently facing substantial challenges
in meeting the workloads of our core programs. With timely and adequate
funding, we will be able to meet the demands of a phased-in approach to
mandatory participation. We are grateful for your ongoing efforts to
ensure the Agency has the funding it needs to accomplish its missions.
Conclusion
At SSA, we have a proven performance record and can and will do
what we are called upon to do. The Administration supports a strong
employer verification system as a critical element of a successful and
comprehensive approach to immigration reform. As increasing numbers of
employers participate in the current voluntary EEVS, and considering
the even greater number that will participate if mandated by Congress,
it is crucial that the tools and resources be in place to ensure that
the system works efficiently and effectively and that the proper
safeguards are built in to guarantee that United States citizens and
work authorized noncitizens receive prompt confirmation of their work
authorization status.
I want to thank the Chairman and members of the Subcommittee for
inviting me here today. On behalf of SSA, I want to thank the
Subcommittee for its continuing support for the Agency, for our
mission, and for our dedicated workforce.
I will be happy to answer any questions you might have.
Mr. Schaeffer.
STATEMENT OF STEVEN L. SCHAEFFER, ASSISTANT INSPECTOR GENERAL
FOR THE OFFICE OF AUDIT, SOCIAL SECURITY ADMINISTRATION OFFICE
OF THE INSPECTOR GENERAL
Mr. SCHAEFFER. Good morning, Chairman McNulty, Mr. Johnson,
and Members of the Subcommittee. It is a pleasure to be here
today to provide the Social Security Administration's Office of
Inspector General's perspective on Employment Eligibility
Verification Systems, or EEVS.
Each agency involved in EEVS has its own contribution to
make to the system's success. The SSA OIG's role is to evaluate
the use of SSA data within the EEVS process and recommend
improvements with respect to the accuracy and the security of
such data.
SSA's information constitutes the foundation of EEVS. The
purpose of our evaluations and reviews is to assist SSA in
improving the accuracy of the employer wage reporting and
reducing SSN misuse and identity theft.
In 2006, the former Chairman of this Subcommittee, Mr.
McCrery, asked us to conduct several reviews relative to EEVS.
First, to assess the accuracy of the data used by EEVS, we
turned to SSA's Numident file. This file contains relevant
information about Social Security number holders, including
name, date of birth, place of birth, and citizenship status,
and these data are used in the EEVS.
Although we found SSA's information to be generally
accurate, we identified discrepancies in an estimated 18
million, or 4 percent, of the Numident records that could
result in incorrect feedback to employers attempting to
determine the employment eligibility of their workers.
This incorrect feedback could lead to both false positives
and false negatives for employees. In addition, verification
problems may delay the hiring process and lead to an increase
in visits to SSA's field offices.
In our second review, to assess the functionality of EEVS,
we gathered information on the experience of employers who had
used EEVS, as well as those who had used SSA's Social Security
number verification service or SSNVS. We found that 100 percent
of the EEVS users interviewed rated the programs as excellent,
very good, or good. In addition, at least 98 percent of the
users indicated that their employers were very likely to
continue to use the programs.
About 10 percent of the EEVS users reported that they
experienced minor problems using the two programs. In most of
the cases, the user reported that SSA and/or DHS staff were
able to resolve their problems timely.
We also found, however, that approximately 42 percent of
EEVS users were not using the program as intended. While the
program is intended to verify the work authorization of newly
hired employees within 3 days after they are hired, some
employers conducted verifications for longstanding employees or
individuals who were not yet hired. Monitoring appropriate use
should be part of any enhanced system.
In the third review conducted at the Subcommittee's
request, we assessed controls over EEVS and SSA's SSNVS to
monitor potential abuse by employers, as well as SSA and DHS's
experience to date with this monitoring. We found that SSA had
established effective controls over access and use of sensitive
data in its SSNVS program, as well as effective controls to
detect anomalies in SSNVS usage and potential misuse of the
program.
While we found that EEVS did not have the same level of
controls, we reported that DHS officials were meeting with
counterparts from SSA and the IRS to discuss potential
enhancements to EEVS, avenues for greater cooperation, and the
potential for adopting some of the monitoring and applicant
verification activities already being performed under SSNVS.
We are now completing a fourth review where we are
assessing controls over all of SSA's employee verification
programs as well as EEVS. This review will also highlight best
practices, and as a part of the audit, we will determine
whether employers are receiving a consistent reply from all of
these services. We expect to issue this report in the next few
months, and as always, will share a copy with the Committee.
Through reports such as these, our efforts to ensure the
reliability of the data used by EEVS and the functionality and
security of EEVS helps employers report accurate wages to SSA
and minimize the improper use of SSNs.
Thank you, and I will be happy to answer any questions.
Chairman MCNULTY. Thank you, Mr. Schaeffer.
Mr. Stana.
STATEMENT OF RICHARD M. STANA, DIRECTOR OF HOMELAND SECURITY
AND JUSTICE, GOVERNMENT ACCOUNTABILITY OFFICE
Mr. STANA. Thank you, Chairman McNulty, Mr. Johnson,
Members of the Subcommittee. I appreciate the opportunity to
participate in today's hearing on EEVS. As we and others have
reported in the past, the opportunity for employment is a key
magnet attracting illegal aliens to the United States. In 1986,
Congress passed the Immigration Reform and Control Act, which
established an employment verification process for employers to
verify all new hired employees' work eligibility, and a
sanctions program for fining employers who do not comply with
the Act. The availability and use of counterfeit documents, and
the fraudulent use of valid documents belonging to others, have
made it difficult for employers who want to comply with current
employment verification processes to ensure that they hire only
authorized workers. Counterfeit documents have also made it
easier for employers who don't want to comply and knowingly
hire unauthorized workers to do so without fear of sanction.
Over the years, immigration experts have said that the
single most important step that could be taken to manage lawful
immigration and reduce unlawful migration is to develop an
effective system for verifying work authorization. DHS and SSA
currently operate the EEVS program, which is a voluntary
automated system authorized by the 1996 Immigration Act, for
employers to electronically check employees' work eligibility
information against information in DHS and SSA databases. Of
the 5.9 million employers in the U.S., about 17,000 employers
are now registered to use the program, and only about half of
these are active users. This program shows promise to help
identify the use of counterfeit documents and assist U.S.
Immigration and Customs Enforcement in better targeting its
worksite enforcement efforts, but the following areas would
need to be addressed before it is expanded to all employers and
is effectively implemented as envisioned in various immigration
reform proposals.
First, program capacity would need to be expanded. DHS
estimated that increasing EEVS capacity could cost it $70
million annually for program management and $300 million to
$400 million annually for compliance activities and staff. SSA
officials estimated that expansion of the EEVS program to
100,000 participants from the current 17,000 would cost $5 to
$6 million, and noted that the cost of a mandatory EEVS would
be much higher and driven by increased workload of its field
office staff who resolve queries that SSA cannot immediately
confirm.
Second, data reliability issues would need to be addressed.
The majority of EEVS queries entered by employers, about 92
percent, are confirmed within seconds that the employee is
work-authorized. About 7 percent of the queries cannot be
immediately confirmed by SSA, and about 1 percent cannot be
immediately confirmed by DHS. Resolving these nonconfirmations
can take several days, or in a few cases even weeks. DHS and
SSA are considering options for using additional automated
checks to immediately confirm work authorization, which may be
important should EEVS be made mandatory for all employers.
Third, while EEVS may help to reduce document fraud, it
cannot yet fully address identity fraud issues, for example,
when employees present borrowed or stolen genuine documents.
The current EEVS program is piloting a photograph screening
tool, whereby an employer can more easily identify fraudulent
documentation. DHS expects to expand the use of this tool to
all participating employers by September 2007. Although
mandatory EEVS and the associated use of the photograph
screening tool offer some remedy, limiting the number of
acceptable work authorization documents and making them more
secure would help to better address identity fraud issues.
Finally, EEVS is vulnerable to employer fraud, such as
entering the same identity information to authorize multiple
workers. EEVS is also vulnerable to employer misuse that
adversely affects employees, such as employers limiting work
assignments or pay while employees are undergoing the
verification process. Currently there is no formal mechanism
for sharing compliance data with ICE agents. DHS is
establishing a new compliance and monitoring program to help
reduce employer fraud and misuse by, for example, identifying
patterns in employer noncompliance with program requirements.
Information suggesting employers' fraud and misuse of the
system could be useful in targeting limited worksite
enforcement resources and promoting employer compliance with
employment laws.
As an aside, our report last summer on selected countries'
experiences with foreign worker programs found that while
different approaches were used, and no country we studied did
everything perfectly or effectively, many of the same issues
existed in these countries as exist here. These include
ensuring only that those authorized to work could obtain
employment; that employers comply with laws governing worksite
conditions; that taxes and social insurance payments are
collected; and that appropriate mechanisms are available,
including data matching and sharing among agencies, to help
reduce immigration and labor law violations.
In closing, both DHS and SSA have taken a number of steps
to address weaknesses in the current EEVS program, but much
more needs to be done if this is going to be expanded to all
employers. This will require a substantial investment in staff
and other resources, at least in the near term, in both
agencies. Implementing an EEV program that ensures that all
individuals working in the country are doing so legally, and
that undue burdens are not placed on employers or employees,
will not be an easy task within the timelines suggested in
immigration reform proposals.
This concludes my oral statement, and I would be happy to
answer any questions that Members of the Subcommittee may have.
[The prepared statement of Mr. Stana follows:]
Prepared Statement of Richard Stana, Director of Homeland Security and
Justice, Government Accountability Office
Mr. Chairman and Members of the Subcommittee:
I appreciate the opportunity to be here today to participate in
this hearing on electronic employment verification. As we and others
have reported in the past, the opportunity for employment is one of the
most powerful magnets attracting unauthorized immigrants to the United
States. To help address this issue, in 1986 Congress passed the
Immigration Reform and Control Act (IRCA),\1\ which made it illegal for
individuals and entities to knowingly hire, continue to employ, or
recruit or refer for a fee unauthorized workers. The act established a
two-pronged approach for helping to limit the employment of
unauthorized workers: (1) an employment verification process through
which employers verify all newly hired employees' work eligibility and
(2) a sanctions program for fining employers who do not comply with the
act.\2\
---------------------------------------------------------------------------
\1\ Pub. L. No. 99-603, 8 U.S.C. Sec. 1324a.
\2\ IRCA provided for sanctions against employers who do not follow
the employment verification (Form I-9) process. Employers who fail to
properly complete, retain, or present for inspection a Form I-9 may
face civil or administrative fines ranging from $110 to $1,100 for each
employee for whom the form was not properly completed, retained, or
presented. Employers who knowingly hire or continue to employ
unauthorized aliens may be fined from $275 to $11,000 for each
employee, depending on whether the violation is a first or subsequent
offense. Employers who engage in a pattern or practice of knowingly
hiring or continuing to employ unauthorized aliens are subject to
criminal penalties consisting of fines up to $3,000 per unauthorized
employee and up to 6 months' imprisonment for the entire pattern or
practice.
---------------------------------------------------------------------------
Following the passage of IRCA, the U.S. Commission on Immigration
Reform and various immigration experts indicated a number of problems
with the implementation of immigration policies and concluded that
deterring illegal immigration requires, among other things, strategies
that focus on disrupting the ability of illegal immigrants to gain
employment through a more reliable employment eligibility verification
process. In particular, the commission report and other studies found
that the single most important step that could be taken to reduce
unlawful migration is the development of a more effective system for
verifying work authorization. In the over 20 years since passage of
IRCA, the employment eligibility verification process has remained
largely unchanged. The House and Senate are considering legislation to
reform immigration laws and strengthen electronic employment
verification. Some of this legislation includes proposals that would
require implementing a mandatory, functional electronic employment
verification program for all employers before other immigration-related
reforms could be initiated. Currently, the U.S. Citizenship and
Immigration Services (USCIS) administers, and Social Security
Administration (SSA) supports, a voluntary electronic employment
verification program, called the Employment Eligibility Verification
(EEV) program.
My testimony today is an update of our prior work regarding
employment verification and worksite enforcement. Specifically, I will
discuss our observations on the current electronic employment
verification program and challenges to making the program mandatory for
all employers.
In preparing this testimony, we reviewed our past work on
employment verification and worksite enforcement efforts.\3\ We
analyzed updated information provided by U.S. Immigration and Customs
Enforcement (ICE), USCIS, and SSA officials on steps they are taking to
address weaknesses identified in our prior work, as well as challenges
their agencies may face if an electronic employment verification
program were made mandatory. We examined regulations, guidance, and
other studies on the employment verification process. We also analyzed
a report on the results of an independent evaluation of the electronic
employment eligibility verification program, then known as the Basic
Pilot program, conducted by the Institute for Survey Research at Temple
University and Westat in June 2004.\4\ Furthermore, we received updated
data on employer use of the current electronic employment eligibility
verification system. We reviewed these data for accuracy and
completeness and determined that these data were sufficiently reliable
for the purposes of our review. We conducted the work reflected in this
statement from September 2004 through July 2005 and updated this
information in May and June 2007 in accordance with generally accepted
government auditing standards.
---------------------------------------------------------------------------
\3\ GAO, Immigration Enforcement: Weaknesses Hinder Employment
Verification and Worksite Enforcement Efforts, GAO-05-813 (Washington,
D.C.: Aug. 31, 2005).
\4\ Institute for Survey Research and Westat, Findings of the Basic
Pilot Program Evaluation (Washington, D.C.: June 2004).
---------------------------------------------------------------------------
Summary
A mandatory EEV would necessitate an increased capacity at both
USCIS and SSA to accommodate the estimated 5.9 million employers in the
United States.\5\ As of May 2007, about 17,000 employers have
registered for the EEV program, about half of which are active users.
USCIS has estimated that a mandatory EEV could cost USCIS $70 million
annually for program management and $300 million to $400 million
annually for compliance activities and staff, depending on the method
for implementing the program. The costs associated with other
programmatic and system enhancements are currently unknown. SSA is
currently refining its estimates and was not yet able to provide
estimates for the cost of a mandatory EEV. According to SSA officials,
the cost of a mandatory EEV would be driven by the field offices'
increased workload required to resolve queries that SSA cannot
immediately confirm.
---------------------------------------------------------------------------
\5\ In 2004, the most recent year for which data are available,
there were approximately 5.9 million firms in the United States. A firm
is a business organization consisting of one or more domestic
establishments in the same state and industry that were specified under
common ownership or control. Under EEV, one employer may have multiple
worksites that use the system. For example, a hotel chain could have
multiple individual hotels using EEV. This hotel chain would represent
one employer using the pilot program.
---------------------------------------------------------------------------
USCIS and SSA are exploring options to reduce delays in the EEV
process. According to USCIS, the majority of EEV queries entered by
employers--about 92 percent--confirm within seconds that the employee
is authorized to work. About 7 percent of the queries cannot be
immediately confirmed by SSA, and about 1 percent cannot be immediately
confirmed by USCIS. With regard to the SSA-issued tentative
nonconfirmations,\6\ USCIS and SSA officials told us that the majority
occur because employees' citizenship or other information, such as name
changes, is not up to date in the SSA database. Resolving some DHS
nonconfirmations can take several days, or in a few cases even weeks.
USCIS and SSA are examining ways to improve the system's ability to use
additional automated checks to immediately confirm work authorization.
---------------------------------------------------------------------------
\6\ In general, in cases when the EEV system cannot confirm an
employee's work authorization status through the initial automatic
check, the system issues the employer either an SSA or a DHS tentative
nonconfirmation of the employee's work authorization status, which
requires the employee to resolve any data inaccuracies if he or she is
able or chooses to do so.
---------------------------------------------------------------------------
EEV may help reduce document fraud, but it cannot yet fully address
identity fraud issues, for example, when employees present borrowed or
stolen genuine documents. The current EEV program is piloting a
photograph screening tool, whereby an employer can more easily identify
fraudulent documentation. This tool is currently being used by over 70
employers, and USCIS expects to expand the use of the tool to all
participating employers by the end of summer 2007. Although mandatory
EEV and the associated use of the photograph screening tool offer some
remedy, further actions, such as limiting the number of acceptable work
authorization documents and making them more secure, may be required to
more fully address identity fraud.
EEV is vulnerable to employer fraud that diminishes its
effectiveness and misuse that adversely affects employees. ICE
officials stated that EEV program data could indicate cases in which
employers may be fraudulently using the system and therefore would help
the agency better target its limited worksite enforcement resources
toward those employers. EEV is also vulnerable to employer misuse that
adversely affects employees, such as limiting work assignments or pay
while employees are undergoing the verification process. USCIS is
establishing a new Compliance and Monitoring program to help reduce
employer fraud and misuse by, for example, identifying patterns in
employer compliance with program requirements. Information suggesting
employers' fraud or misuse of the system could be useful to other DHS
components in targeting limited worksite enforcement resources and
promoting employer compliance with employment laws.
Background
In 1986, IRCA established the employment verification process based
on employers' review of documents presented by employees to prove
identity and work eligibility. On the Form I-9, employees must attest
that they are U.S. citizens, lawfully admitted permanent residents, or
aliens authorized to work in the United States. Employers must then
certify that they have reviewed the documents presented by their
employees to establish identity and work eligibility and that the
documents appear genuine and relate to the individual presenting them.
In making their certifications, employers are expected to judge whether
the documents presented are obviously counterfeit or fraudulent.
Employers generally are deemed in compliance with IRCA if they have
followed the Form I-9 process in good faith, including when an
unauthorized alien presents fraudulent documents that appear genuine.
Following the passage of IRCA in 1986, employees could present 29
different documents to establish their identity and/or work
eligibility. In a 1997 interim rule, the former U.S. Immigration and
Naturalization Service (INS) reduced the number of acceptable work
eligibility documents from 29 to 27.\7\
---------------------------------------------------------------------------
\7\ Eight of these documents establish both identity and employment
eligibility (e.g., U.S. passport or permanent resident card); 12
documents establish identity only (e.g., driver's license); and 7
documents establish employment eligibility only (e.g., Social Security
card).
---------------------------------------------------------------------------
The Illegal Immigration Reform and Immigrant Responsibility Act
(IIRIRA) \8\ of 1996 required the former INS and SSA to operate three
voluntary pilot programs to test electronic means for employers to
verify an employee's eligibility to work, one of which was the Basic
Pilot Program.\9\ The Basic Pilot Program was designed to test whether
pilot verification procedures could improve the existing employment
verification process by reducing (1) false claims of U.S. citizenship
and document fraud, (2) discrimination against employees, (3)
violations of civil liberties and privacy, and (4) the burden on
employers to verify employees' work eligibility.
---------------------------------------------------------------------------
\8\ U.S.C. 1324a(b). IIRIRA was enacted within a larger piece of
legislation, the Omnibus Consolidated Appropriations Act, 1997, Pub. L.
No. 104-208, 110 Stat. 3009.
\9\ The other two pilot programs mandated by IIRIRA--the Citizen
Attestation Verification Pilot Program and the Machine-Readable
Document Pilot Program--were discontinued in 2003 due to technical
difficulties and unintended consequences identified in evaluations of
the programs. See Institute for Survey Research and Westat, Findings of
the Citizen Attestation Verification Pilot Program Evaluation
(Washington, D.C.: April 2003) and Institute for Survey Research and
Westat, Findings of the Machine-Readable Document Pilot Program
Evaluation (Washington, D.C.: May 2003).
---------------------------------------------------------------------------
In 2007, USCIS renamed the Basic Pilot Program the Employment
Eligibility Verification (EEV) program. EEV provides participating
employers with an electronic method to verify their employees' work
eligibility. Employers may participate voluntarily in EEV, but are
still required to complete Forms I-9 for all newly hired employees in
accordance with IRCA. After completing the forms, these employers query
EEV's automated system by entering employee information provided on the
forms, such as name and Social Security number, into the EEV Web site
within 3 working days of the employees' hire date. The program then
electronically matches that information against information in SSA's
NUMIDENT database and, for noncitizens, DHS databases to determine
whether the employee is eligible to work. EEV electronically notifies
employers whether their employees' work authorization was confirmed.
Those queries that the DHS automated check cannot confirm are referred
to DHS immigration status verifiers, who check employee information
against information in other DHS databases. The EEV process is shown in
figure 1.
Figure 1: Electronic Employment Verification Program Verification
Process
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
In cases when EEV cannot confirm an employee's work authorization
status either through the automatic check or the check by an
immigration status verifier, the system issues the employer a tentative
nonconfirmation of the employee's work authorization status. In this
case, the employers must notify the affected employees of the finding,
and the employees have the right to contest their tentative
nonconfirmations by contacting SSA or USCIS to resolve any inaccuracies
in their records within 8 days. During this time, employers may not
take any adverse actions against those employees, such as limiting
their work assignments or pay. After 10 days, employers are required to
either immediately terminate the employment or notify DHS of the
continued employment of workers who do not successfully contest the
tentative nonconfirmation and those who the pilot program finds are not
work-authorized.
The EEV program is a part of USCIS's Systematic Alien Verification
for Entitlements Program, which provides a variety of verification
services for federal, state, and local government agencies. USCIS
estimates that there are more than 150,000 federal, state, and local
agency users that verify immigration status through the Systematic
Alien Verification for Entitlements Program. SSA also operates various
verification services. Among these are the Employee Verification
Service (EVS) and the Web-based SSN Verification Service (SSNVS), which
can be used to provide verification that employees' names and Social
Security numbers match SSA's records. These services, designed to
ensure accurate employer wage reporting, are offered free of charge.
Employer use is voluntary, and the services are not widely used.
EEV Would Require An Increase in Capacity at USCIS and SSA
Mandatory electronic employment verification would substantially
increase the number of employers using the EEV system, which would
place greater demands on USCIS and SSA resources. As of May 2007, about
17,000 employers have registered to use the program, 8,863 of which
were active users,\10\ and USCIS has estimated that employer
registration is expected to greatly increase by the end of fiscal year
2007. If participation in the EEV program were made mandatory, the
program may have to accommodate all of the estimated 5.9 million
employers in the United States. USCIS officials estimate that to meet a
December 2008 implementation date, this could require about of 30,000
employers to register with the system per day. The mandatory use EEV
can affect the capacity of the system because of the increased number
of employer queries.
---------------------------------------------------------------------------
\10\ Active users are those employers who have run at least one
query in fiscal year 2007.
---------------------------------------------------------------------------
USCIS has estimated that a mandatory EEV could cost USCIS $70
million annually for program management and $300 million to $400
million annually for compliance activities and staff. The costs
associated with other programmatic and system enhancements are
currently unknown. According to USCIS, cost estimates will rise if the
number of queries rises, although officials noted that the estimates
may depend on the method for implementing a mandatory program. SSA
officials told us they have estimated that expansion of the EEV program
to levels predicted by the end of fiscal year 2007 would cost $5 to $6
million, but SSA was not yet able to provide us estimates for the cost
of a mandatory EEV. According to SSA officials, the cost of a mandatory
EEV would be driven by the increased workload of its field office staff
due to resolving SSA tentative nonconfirmations.\11\
---------------------------------------------------------------------------
\11\ In general, in cases when the EEV system cannot confirm an
employee's work authorization status through the initial automatic
check, the system issues the employer a tentative nonconfirmation of
the employee's work authorization status.
---------------------------------------------------------------------------
A mandatory EEV would require an increase in the number of USCIS
and SSA staff to operate the program. For example, USCIS had 13
headquarters staff members in 2005 to run the program and 38
immigration status verifiers available for secondary verification.\12\
USCIS plans to increase staff levels to 255 to manage a mandatory
program, which includes increasing the number of immigration status
verifiers who conduct secondary verifications.\13\ USCIS officials
expressed concern about the difficulty in hiring these staff due to
lengthy hiring processes, which may include government background
checks. In addition, according to SSA officials, a mandatory EEV
program would require additional staff at SSA field offices to
accommodate an increase in the number of individuals visiting SSA field
offices to resolve tentative nonconfirmations. According to SSA
officials, the number of new staff required would depend on both the
legislative requirements for implementing mandatory EEV and the
effectiveness of efforts USCIS has under way to decrease the need for
individuals to visit SSA field offices. For this reason, SSA officials
told us they have not yet estimated how many additional staff they
would need for a mandatory EEV.
---------------------------------------------------------------------------
\12\ Thirty-eight immigration status verifiers were available for
completing secondary verifications. According to USCIS, at any one time
about 3 to 5 immigration status verifiers work to resolve tentative
nonconfirmations. The other immigration status verifiers work on other
verification programs, such as the Systematic Alien Verification for
Entitlements Program.
\13\ USCIS officials noted that this does not include staff for
monitoring and compliance functions.
---------------------------------------------------------------------------
USCIS and SSA Are Exploring Options to Reduce Delays in the EEV Process
In prior work, we reported that secondary verifications lengthen
the time needed to complete the employment verification process. The
majority of EEV queries entered by employers--about 92 percent--confirm
within seconds that the employee is authorized to work. About 7 percent
of the queries are not confirmed by the initial automated check and
result in SSA-issued tentative nonconfirmations, while about 1 percent
result in DHS-issued tentative nonconfirmations. With regard to the
SSA-issued tentative nonconfirmations, USCIS and SSA officials told us
that the majority occur because employees' citizenship status or other
information, such as name changes, is not up to date in the SSA
database. SSA does not update records unless an individual requests the
update in person and submits the required evidence to support the
change in its records. USCIS officials stated that, for example, when
aliens become naturalized citizens, their citizenship status is often
not updated in the SSA database. In addition, individuals who have
changed their names for various reasons, such as marriage, without
notifying SSA in person may also be issued an SSA tentative
nonconfirmation. According to SSA officials, although SSA instructs
individuals to report any changes in name, citizenship, or immigration
status, many do not do so. When these individuals' information is
queried through EEV, a tentative nonconfirmation would be issued,
requiring them to go to an SSA field office to show proof of the change
and to correct their records in SSA's database.
USCIS and SSA are exploring some options to improve the efficiency
of the verification process. For example, USCIS is exploring ways to
automatically check for naturalized citizens' work authorization using
DHS databases before the EEV system issues a tentative nonconfirmation.
Furthermore, USCIS is planning to provide naturalized citizens with the
option, on a voluntary basis, to provide their Alien Number or
Naturalization Certification Number so that employers can query that
information through the EEV system before referring the employees to
SSA to resolve tentative nonconfirmations.\14\ SSA is also coordinating
with USCIS to develop an automated secondary verification capability,
which may reduce the need for employers to take additional steps after
the employee resolves the SSA tentative nonconfirmation.\15\ USCIS and
SSA officials told us that the agencies are planning to provide SSA
field office staff with access to the EEV system so that field office
staff can resolve the SSA tentative nonconfirmation directly in the
system at the time the employee's record is updated at the field
office. According to SSA officials, the automated secondary
verification capability is tentatively scheduled to be implemented by
October 2007. While these steps may help improve the efficiency of the
verification process, including eliminating some SSA tentative
nonconfirmations, they will not entirely eliminate the need for some
individuals to visit SSA field offices to update records when
individuals' status or other information changes.
---------------------------------------------------------------------------
\14\ According to USCIS, providing these data to employers would be
voluntary to help ensure that naturalized citizens are not subject to
discrimination.
\15\ Currently, once an individual resolves the reason for the SSA
tentative nonconfirmation, the employer must then re-query the EEV
system in order to finalize the verification.
---------------------------------------------------------------------------
USCIS and SSA officials noted that because the current EEV program
is voluntary, the percentage of individuals who are referred to SSA
field offices to resolve tentative nonconfirmations may not accurately
indicate the number of individuals who would be required to do so under
a mandatory program. SSA and USCIS officials expressed concern about
the effect on SSA field offices' workload of the number of individuals
who would be required to physically visit a field office if EEV were
made mandatory.
May Help Reduce Employee Document Fraud, but Cannot Yet Fully Address
Identity Fraud Issues
In our prior work, we reported that EEV enhances the ability of
participating employers to reliably verify their employees' work
eligibility and assists participating employers with identification of
false documents used to obtain employment.\16\ If newly hired employees
present false information, EEV would not confirm the employees' work
eligibility because their information, such as a false name or social
security number, would not match SSA and DHS database information.
However, the current EEV program is limited in its ability to help
employers detect identity fraud, such as cases in which an individual
presents borrowed or stolen genuine documents.
---------------------------------------------------------------------------
\16\ GAO-05-813.
---------------------------------------------------------------------------
USCIS has taken steps to reduce fraud associated with the use of
documents containing valid information on which another photograph has
been substituted for the document's original photograph. In March 2007,
USCIS began piloting a photograph screening tool as an addition to the
current EEV system. According to USCIS officials, the photograph
screening tool is intended to allow an employer to verify the
authenticity of a Lawful Permanent Resident card (green card) or
Employment Authorization Document that contain photographs of the
document holder by comparing individuals' photographs on the documents
presented during the I-9 process to those maintained in DHS databases.
As of May 2007, about 70 employers have been participating during the
pilot phase of the photograph screening tool, and EEV has processed
about 400 queries through the tool. USCIS expects to expand the program
to all employers participating in EEV by the end of summer 2007.
The use of the photograph screening tool is currently limited
because newly hired citizens and noncitizens presenting forms of
documentation other than green cards or Employment Authorization
Documents to verify work eligibility are not subject to the tool.
Expansion of the pilot photograph screening tool would require
incorporating other forms of documentation with related databases. In
addition, efforts to expand the tool are still in the initial planning
stages. For example, according to USCIS officials, USCIS and the
Department of State have begun exploring ways to include visa and U.S.
passport documents in the tool, but these agencies have not yet reached
agreement regarding the use of these documents. USCIS is also exploring
a possible pilot program with state Departments of Motor Vehicles.
In prior work we reported that although not specifically or
comprehensively quantifiable, the prevalence of identity fraud seemed
to be increasing, a development that may affect employers' ability to
reliably verify employment eligibility in a mandatory EEV program. The
large number and variety of acceptable work authorization documents--27
under the current employment verification process--along with inherent
vulnerabilities to counterfeiting of some of these documents, may
complicate efforts to address identity fraud. Although mandatory EEV
and the associated use of the photograph screening tool offers some
remedy, further actions, such as reducing the number of acceptable work
eligibility documents and making them more secure, may be required to
more fully address identity fraud.
Most Employers Complied with EEV Procedures, the Program Is Vulnerable
to Employer Fraud That Diminishes Its Effectiveness and Misuse
That Adversely Affects Employees
While Most Employers Complied with EEV Procedures, the Program Is
Vulnerable to Employer Fraud That Diminishes Its Effectiveness and
Misuse That Adversely Affects Employees.
EEV is vulnerable to acts of employer fraud, such as entering the
same identity information to authorize multiple workers. Although ICE
has no direct role in monitoring employer use of EEV and does not have
direct access to program information, which is maintained by USCIS, ICE
officials told us that program data could indicate cases in which
employers may be fraudulently using the system and therefore would help
the agency better target its limited worksite enforcement resources
toward those employers. ICE officials noted that, in a few cases, they
have requested and received EEV data from USCIS on specific employers
who participate in the program and are under ICE investigation. USCIS
is planning to use its newly created Compliance and Monitoring program
to refer information on employers who may be fraudulently using the EEV
system, although USCIS and ICE are still determining what information
is appropriate to share.
Employees queried through EEV may be adversely affected if
employers violate program obligations designed to protect the
employees, by taking actions such as limiting work assignments or pay
while employees are undergoing the verification process. The 2004
Temple University Institute for Survey Research and Westat evaluation
of EEV concluded that the majority of employers surveyed appeared to be
in compliance with EEV procedures. However, the evaluation and our
prior review found evidence of some noncompliance with these
procedures. In 2005, we reported that EEV provided a variety of reports
that could help USCIS determine whether employers followed program
requirements, but that USCIS lacked sufficient staff to do so. Since
then, USCIS has added staff to its verification office and created a
Compliance and Monitoring program to review employers' use of the EEV
system. However, while USCIS has hired directors for these functions,
the program is not yet fully staffed. According to USCIS officials,
USCIS is still in the process of determining how this program will
carry out compliance and monitoring functions, but its activities may
include sampling employer usage data for evidence of noncompliant
practices, such as identifying employers who do not appear to refer
employees contesting tentative nonconfirmations to SSA or USCIS. USCIS
estimates that the Compliance and Monitoring program will be
sufficiently staffed to begin identifying employer noncompliance by
late summer 2007.
USCIS's newly created Compliance and Monitoring program could help
ICE better target its worksite enforcement efforts by indicating cases
of employers' egregious misuse of the system. Currently, there is no
formal mechanism for sharing compliance data between USCIS and ICE. ICE
officials noted that proactive reduction of illegal employment through
the use of functional, mandatory EEV may help reduce the need for and
better focus worksite enforcement efforts. Moreover, these officials
told us that mandatory use of an automated system like EEV could limit
the ability of employers who knowingly hired unauthorized workers to
claim that the workers presented false documents to obtain employment,
which could assist ICE agents in proving employer violations of IRCA.
Concluding Observations
Although efforts to reduce the employment of unauthorized workers
in the United States necessitate a strong employment eligibility
verification process and a credible worksite enforcement program and
other immigration reforms may be dependent on it, a number of
challenges face its successful implementation. The EEV program shows
promise for enhancing the employment verification process and reducing
document fraud if implemented on a much larger scale, and USCIS and SSA
have undertaken a number of steps to address many of the weaknesses we
identified in the EEV program. USCIS has also spent the last several
years planning for an expanded or mandatory program, and has made
progress in several areas, but it is unclear at this time the extent to
which USCIC's efforts will be successful under mandatory EEV. It is
clear, however, that a mandatory EEV system will require a substantial
investment in staff and other resources, at least in the near term, in
both agencies. There are also issues, such as identity fraud and
intentional misuse, that will remain a challenge to the system.
Implementing an EEV system to ensure that all individuals working in
this country are doing so legally and that undue burdens are not placed
on employers or employees will not be an easy task within the timelines
suggested in reform proposals.
This concludes my prepared statement. I would be pleased to answer
any questions you and the subcommittee members may have.
Chairman MCNULTY. We thank all of the witnesses for their
testimony. Let me just begin by generally framing the issue,
and then we will go to some of my colleagues for questions.
This Committee has been working for some time, and as a
matter of fact for some years, on the whole issue of the
backlog in the disability claims and so on, and all of the
problems related to that. And the situation as it exists right
now I believe is a national embarrassment. When people are
legitimately entitled to a government benefit and come to the
government to apply for that benefit, and are told, you have to
wait a year and a half or two years just to get an answer, I
think that is a disgrace.
So we are working on that as a separate issue, and we made
some progress in the budget resolution this year, and we hope
to have some results during the appropriations process.
With that as a backdrop, when I look at this issue I see a
massive new undertaking here that is going to cost an awful lot
of money and require an awful lot of additional backup. I just
want to elicit from you your views as to how effective you
think we can be in a reasonable timeframe in setting up such a
new system.
Now, Mr. Schaeffer, you mentioned additional visits to
field offices. If we were to expand this program to the
estimated 60 million new hires this year, how many additional
field office visits do you think that would entail?
Mr. SCHAEFFER. I would hesitate to put an exact number, but
it would be a substantial increase on the visits that are now
taking place, and without increased staff, would obviously lead
to the disability backlog problem probably being exacerbated as
opposed to being addressed timely.
Chairman MCNULTY. Based upon how past Administrations and
Congresses have addressed the backlog issue, how confident are
you that the resources would be there?
Mr. SCHAEFFER. I would refer to Mr. Streckewald to answer
that question.
Chairman MCNULTY. That is fine.
Mr. STRECKEWALD. I really can't hazard a guess, but our
position is that we can do whatever Congress asks us. We always
have, but need to be funded for it. This, as you said, Mr.
Chairman, is a huge new workload for us if we go to mandatory
EEVS. I think the estimate of 2 or 3,000 more work years, more
people, hundreds of millions of dollars of more money each
year, is in the ballpark.
We need time to hire, equip and train new people so that
they can do this. We don't know if we would expand our field
offices. We would probably try to fit them into the existing
field offices and tele-service centers. Our position is we hope
Congress does see the need to fund us for this workload so that
it doesn't disrupt our other critical workloads. As you
mentioned, one of them is a top priority--the disability
hearings.
Chairman MCNULTY. Could you be any more specific with
regard to the additional number of work years that would be
involved?
Mr. STRECKEWALD. We are still working on our final figures.
We are looking at a couple of key elements that get us to that
figure. One critical element is the fallout rate. Right now,
for every 100 queries, we have three contacts to the field
office or the tele-service centers.
So, we are trying to use these key elements as a base and
think through what a mandatory system would look like instead
of a voluntary system because our assumption is that companies
that volunteer for EEVS probably have fewer people trying to
pass off as legal workers.
So, we have roughly, in our estimates for mandatory EEVS
that we are working on now, doubled the full-out rate. So, we
figured it may be as high as 6 percent fallout rate. That
fallout rate means that 6 percent of, let's say, 60 million new
hires per year will be 3.6 million extra visits or phone calls
to our field offices.
Each one of those takes 15 to 20 minutes to resolve, and
most of them will be resolved, as my colleague said, in
probably just a short period of time. Some of them may take a
little longer if we have to go through some additional
verification processes.
That is the business process that we already are set up to
do. It would just greatly increase the volume of that business
process. That is why the funding is so critical.
Chairman MCNULTY. As we move along further in this process
and you do your additional analysis, can you give us more
specific information?
Mr. STRECKEWALD. I would be glad to do that, and work with
the Committee to do that.
Chairman MCNULTY. Great.
Mr. Johnson.
Mr. JOHNSON. Thank you, Mr. Chairman.
I would like to follow up on that, Mr. Streckewald. Why do
you need more money and employees if it is all computerized?
Theoretically, according to the way I am told it operates, you
punch a button and a guy gets an instant response. You just
said that.
Mr. STRECKEWALD. Now, 92 percent of the time, you are
right. Employers get an instant response. What we are looking
at is the ones that don't have an instant response, the ones
that don't match our records. It is about 7 percent for our
records, I think 1 percent for DHS records.
So, if you look at 7 percent, out of that, some people
would never contact SSA because they are illegal workers. A lot
of them are legal workers, are citizens, where their records
just don't match our records. So, they come into our offices.
They show us the proofs that they need to show. We change our
records to make sure that they are up to date and then they fit
what the employer has. Then employees are authorized to work,
and life goes on.
There is a lot of work, depending on the volume, if we go
to a mandatory EEVS.
Mr. JOHNSON. How do you report the ones that don't check
out? Do you report them to----
Mr. STRECKEWALD. The ones that come through the system and
are verified?
Mr. JOHNSON. That aren't verified.
Mr. STRECKEWALD. Well, we do have a system for reporting
those, and we are working on a system that allows us to report
back to the employer to tell them the status of the resolution
of the mis-match. So, we are building that system so that the
employers will know and we will know and DHS will know how many
cases we get and what the resolution of each case is.
Mr. JOHNSON. Thank you. It is amazing to me that MasterCard
and Visa can do it instantly all over the world, and you can't
do it here.
Mr. Stana, Mr. Rotenberg, a witness on our next panel,
tells us last month the Department of Homeland Security lost
the employment records of 100,000 Federal employees containing
names, Social Security numbers, dates of birth, and bank
account information.
At a time when we are considering a massive expansion of
the collection of personal information by DHS, how can we be
sure that DHS can adequately safeguard workers' personal
information?
Mr. STANA. Well, let me say right up front that GAO has not
done a stress test, a privacy test, or we haven't done any
penetration testing of the system. We have spoken with DHS
about their system, and they capture this sensitive information
on an Oracle database. They have done privacy testing, and they
are of the opinion that they can safeguard the records. They
have done the privacy checks in accordance with law.
Now, having said that, any time you collect data on
hundreds of thousands or millions of people, there is always
the chance that something may go awry. By the way, the 100,000
example you used, I believe, was a TSA laptop. This is a little
bit different. This is a mainframe application, mainly.
Now, we have watched--as Members of the Subcommittee may
have--watched USCIS test the EEVS system using a phony name to
see what happens. The EEVS system is password protected, and it
does have the certain kinds of protections that you would
expect to see in remote applications.
So, I guess it would remain to be seen exactly how safe it
is. They do need to keep information in these databases because
they do want to do pattern testing over time. So, another issue
is how long do they keep the information? and DHS hasn't really
resolved that yet, either.
Mr. JOHNSON. Well, thank you. According to what I
understand, less than 1 percent of the employers are
participating in that program now. On page 8 of your testimony,
you say that according to DHS, in order to begin implementation
for all employers beginning in December 2008, you need 30,000--
or 30,000 employers would be required to register with the
system per day.
With that, substantial investment will be needed in staffs,
systems, resources. Can you assure the Congress that such an
enormous data collection processing system can be established?
Mr. STANA. If you ask them to put something in place,
something will be in place. Something is in place right now,
and it has 17,000 registrants, and 8800 consistent users.
Mr. JOHNSON. Is the ``something'' going to work? Is that
system going to work?
Mr. STANA. They are trying to expand EEVS to about 6
million businesses. It is a very hard thing to do. If I could
just put it into perspective, everyone on the dais is working
on a two-year term, and there are approximately 18 months left
in your term.
So, if you figure it that way, by the end of your term of
office for this term--whether you go on to the next term is
another thing--DHS has to hire 255 program staff, 1800
monitoring staff, procure office space, develop operating
procedures, inform employers how to work the system, support
worksite enforcement areas, register approximately 30,000
businesses per day starting now. The longer you wait----
Mr. JOHNSON. Well, how did you get those figures? You said
GAO hasn't even looked at it yet.
Mr. STANA. Oh, no. We looked at the program. We did not
look at the stress testing on the computer system. These are
all things that would have to be done so that by December 2008,
it is ready to service 5.9 million employers.
Now, there are ways to manage that. You can phase it in, or
you could enroll certain industries first, perhaps those
involving critical infrastructure. That is what it would take.
Mr. JOHNSON. I am over my time. Thank you, Mr. Chairman.
Chairman MCNULTY. Thank you, Mr. Johnson.
Mr. Levin may inquire.
Mr. LEVIN. So, what would be the cost of what you just
read?
Mr. STANA. What USCIS estimated for the first year of
operation, I believe, was $70 million in management costs and
about $300 to $400 million for compliance and investigative
staff. That doesn't include computer upgrades that would be
necessary. It doesn't include ICE investigators that follow up
on any leads of employer abuse of employees or misuse. It is
going to be substantial.
Now, having said that, any immigration expert would
probably tell you that of the handful of things that are must-
haves in an immigration reform proposal, this would be one of
them. So, it is probably more a question of what type of a
verification program you have, not whether you would have one.
Mr. LEVIN. I think the Senate is going to be acting. They
may act this week. And the odds seem to be that they are going
to pass a bill. And so the odds are that we are going to need
to address this in the House. And so we need to begin to
prepare for the possibility, if not the probability.
To pick up what the Chairman said, who is doing the hard
work of itemizing the costs of this? Who is doing that?
Mr. STRECKEWALD. In Social Security, we have a budget shop
that works with the systems people and the programs people, and
our field office people, everybody that has a role in this.
They have a process they go through for any new workload. They
try to budget it and figure what the total cost would be. They
are just now revising those figures, so we don't have them here
today. We will be happy to, again, submit them when they are
available.
Mr. LEVIN. When is that going to be?
Mr. STRECKEWALD. When is that going to be?
Mr. LEVIN. More or less?
Mr. STRECKEWALD. More or less, it should be shortly. I
don't know exactly when, but in the next few weeks or shorter,
I would guess.
Mr. LEVIN. No. I think if it is a few weeks, it will be
before we pass the bill.
Mr. STRECKEWALD. What has been very helpful to us in
getting ready for this has been the expansion of the system
that DHS and SSA have partnered in. DHS is registering more
employers onto the system, which means we both have to build
greater capacity, and we have to make sure our business
processes are sound, and we have to move forward on building
additional functionality into the system.
So, that is in essence preparing us for great expansion,
just by preparing for moderate expansion.
Mr. LEVIN. Yes, but there is a cost to that, too. Right?
Mr. STRECKEWALD. Yes, there is. We have a reimbursable
agreement that we have developed between DHS and SSA that is
not yet signed, but at this point I think it is with the
lawyers from each agency, looking to make sure everything is
right from their agency's perspective.
Mr. LEVIN. And it has a cost estimate?
Mr. STRECKEWALD. It has a cost estimate in there for this
year. It is based upon----
Mr. LEVIN. When you say for this year, you mean----
Mr. STRECKEWALD. 2007.
Mr. LEVIN. This fiscal year?
Mr. STRECKEWALD. Right.
Mr. LEVIN. And who is making the projection for next fiscal
year?
Mr. STRECKEWALD. Well, that is the budget shop that I was
talking about a little bit earlier. They are waiting to see
what the exact elements of a bill will be, and then they will
plug in those provisions and do the math and come up with an
estimate.
Mr. LEVIN. So, you would expect that there will be
available to the Congress within the next short period a
detailed itemization of what this would cost, assuming there is
complete coverage. What kind of timeline is being assumed, and
which bill?
Mr. STRECKEWALD. For getting it implemented, from our
perspective? I think the timeline--the ramp-up approach--that
is in the current bill is probably sufficient for us. It kind
of starts slowly, then builds up.
Mr. LEVIN. When you say the current bill, you mean?
Mr. STRECKEWALD. The Senate bill.
Mr. LEVIN. The Senate bill.
Mr. STRECKEWALD. It starts over a several-year period,
starts with critical infrastructure, moves to new hires, and
then moves to everybody, your whole payroll. So, that allows
us--as long as we get the money early in the fiscal year--it
allows us to hire, train, and equip new employees to deal with
the increased business and increased workload.
As that ramps up, so will our efforts to hire, train, and
equip new employees. So, we think that that is very doable with
the appropriate funding at the beginning of each year.
Mr. LEVIN. The appropriate funding is going to be major, is
it not?
Mr. STRECKEWALD. Well, as I mentioned, in the neighborhood,
if you will, without giving any specific figures yet because
they are not done with our estimates, it could be in the peak
years as much as 2 to 3,000 work years or, as I say, people,
extra people, new hires, and up to $300 million a year during
the peak years. So, that is significant for us.
Mr. LEVIN. Two to 3,000? That is included in the figure you
gave?
Mr. STRECKEWALD. Yes. I tried to convert it to millions of
dollars. Basically--the major cost of that is people.
Mr. LEVIN. As I close, Mr. Chairman, I think that
underlines the need for this Congress and the Administration to
face up to the additional costs, because we do not want it to
deter the effort to get hold of the disability issue. You are
going to be very blunt and direct about what is needed, right?
Mr. STRECKEWALD. We are going to have our estimates
shortly, and I will make sure that everybody is aware of them.
Mr. LEVIN. Thank you.
Chairman MCNULTY. Mr. Streckewald, what about the old
estimate I saw here of the agency estimating that it would cost
approximately $10 billion to issue these new cards?
Mr. STRECKEWALD. That estimate----
Chairman MCNULTY. That estimate is in the budget of Social
Security.
Mr. STRECKEWALD. Yes. We were talking about a different
process here. If we are talking about issuing new cards--I
think the $10 billion was reference to new cards----
Chairman MCNULTY. Right.
Mr. STRECKEWALD [continuing]. What we had been talking
about was the fallout from the employer verification system. If
we go to issuing new cards to all new workers of all people in
the United States over 14 years of age. Yes, that figure is
still approximately right. If you did it over 2 years or 5
years, it is going to take about $10 billion to issue new cards
to most of the people in the United States. I don't think it is
much different today. It might be a little higher today than
when that was estimated a year ago.
Chairman MCNULTY. And I would again state for the record
that is more than the entire SSA operating budget right now.
Mr. STRECKEWALD. That is right.
Chairman MCNULTY. Mr. Lewis may inquire.
Mr. LEWIS. Thank you, Mr. Chairman.
I just want to go back to the privacy issue just for a
minute here. Mr. Schaeffer, your office supports data sharing
and disclosure restrictions between the Social Security
Administration and the Department of Homeland Security. At the
same time, I am sure you would agree that the importance of
protecting the privacy of taxpayers is important.
So, what information should be shared with the Department
of Homeland Security?
Mr. SCHAEFFER. Well, currently there is a limit on the
information that we can share because of IRS rules and
regulations. Some of the information that may be useful to
share if you really want to get a handle on people working in
the country illegally would be to focus on the employers that
consistently have a large number of items going into the
earnings suspense file, which means that the name and the
Social Security number could not match up within SSA's records
to a legitimate number holder; and then have the appropriate
enforcement action take place.
It is really difficult to try to go after the individuals
because you are really talking about millions of items that are
going into the ESF. So, the number of employers are much more
finite, and that is where it starts with. These employers are
giving individuals a job where their name and Social Security
number do not match up to SSA's records.
Mr. LEWIS. Mr. Stana, would you like to comment?
Mr. STANA. You know, I would be a little cautious about
sharing a lot of data quickly with DHS if I were in SSA's
shoes. The reasons are that, first, we haven't had the full
certification testing of the databases, and we'd just want to
make sure that they are in good shape security-wise.
Second, the data that has been available to DHS in the
past, hasn't been used. So, why would you want to release a lot
of information that they are not likely to use? Certainly SSA
would want to, on a case by case basis, at least, start out and
to DHS say, what is most useful to you, how can we help you,
and let's limit it to that initially.
Once, DHS ramps up its compliance units, maybe there will
be opportunities for more broadly sharing information. I think
the kind of information that would be most useful to them,
knowing how their worksite and employer/employee compliance
efforts work, the kind of information that would be most useful
would be information dealing with Social Security numbers over
time that keep being used again and again by workers or
employers.
Information about patterns over 10 years of noncompliance
might be in the earnings suspense file, maybe in other
documents or databases. I would be very carefully initially
about opening it up wholesale until we really had a better
sense of what is useful.
Mr. LEWIS. Very good. Thank you.
Chairman MCNULTY. Thank you.
Mr. Becerra may inquire.
Mr. BECERRA. Thank you, Mr. Chairman. Thank you to all of
you for your testimony. And Mr. Chairman, thank you for this
timely hearing. I think it is important for us to move on this
as quickly as we can in the event there is comprehensive
immigration reform.
Gentlemen, let me ask a question, and first focus on the
cost of the current EEVS system. I suspect I should probably
first ask Mr. Streckewald this: How much did the EEVS system
cost the SSA to administer or to conduct last year, in 2006?
Mr. STRECKEWALD. It cost us $891,000.
Mr. BECERRA. Under an agreement you have with DHS, Homeland
Security, you are to be reimbursed for those costs of doing
those inquiries?
Mr. STRECKEWALD. Yes.
Mr. BECERRA. Have you yet been reimbursed?
Mr. STRECKEWALD. No. Not for that money.
Mr. BECERRA. Are you expecting to be reimbursed?
Mr. STRECKEWALD. We hope to be reimbursed.
[Laughter.]
Mr. STRECKEWALD. I assume our lawyers are still working to
resolve it, but that is almost a million dollars. That is a lot
of money. Actually, it is a million if you count a little bit
of money left over from 2005 that they weren't able to pay us.
So, approximately a million dollars, and to us every million
counts. So, we do hope to get that money reimbursed.
Mr. BECERRA. You mentioned a scary word, lawyers. Is there
a reason why a Federal Government agency, SSA, is having to
employ its lawyers to talk to another Federal Government
agency, the Department of Homeland Security, when it has an
agreement, a document, that says that it is to be reimbursed?
Mr. STRECKEWALD. I can't speak to that. I know that DHS
felt that it didn't get the funding in order to be able to
reimburse us, and we said, well, we are doing work here. So
there has been a friendly, so far, exchange of arguments. I
hope that it does get resolved where we are reimbursed for the
money. I don't disagree with the point you are making.
Mr. BECERRA. Mr. Chairman, we may want to inquire of DHS
when we have that opportunity.
My understanding is, and you can correct me, Mr.
Streckewald, if I am wrong, but that for every million dollars,
you could conduct some 565 additional disability hearings to
help reduce that backlog of over 1.3 million cases of Americans
waiting to have their disability claim processed through SSA.
Mr. STRECKEWALD. That is true.
Mr. BECERRA. So for every million dollars that DHS doesn't
reimburse you, under which they have an agreement to do so,
then you have to either cut back on services or allow those
individuals to wait even longer as they wait for their hearing
to determine if they should be receiving disability benefits.
Mr. STRECKEWALD. You are right.
Mr. BECERRA. How much have you spent so far to date doing
the inquiries that are required under the EEVS system, the
employment verification system, for DHS?
Mr. STRECKEWALD. This year?
Mr. BECERRA. Yes.
Mr. STRECKEWALD. We have had 1.8 million inquiries, or
queries. So, what we are doing is setting up a reimbursable
agreement for the rest of the year because this was----
Mr. BECERRA. If you could try to just give me the answer. I
apologize. It is just that I am going to run out of time. How
much do you estimate you have spent to date conducting EEVS
services for DHS?
Mr. STRECKEWALD. Well, I think it would be in the
neighborhood of $2 million that SSA has not been reimbursed
because last year it was nearly a million. This year, so far,
we are about the pace of last year. So, approximately $2
million. We could probably submit the exact number for the
record. [INSERT]
Mr. BECERRA. Could you do that? My understanding from some
of the information we received from Committee staff was that it
was now exceeding $5 million.
Mr. STRECKEWALD. $5.9 million is the amount for all of FY
2007. We have a reimbursable agreement that we are working on
with DHS. They say they are going to sign it and that they have
the money this year. So, for FY 2007, it is about $5.9 million,
and that would cover us.
Mr. BECERRA. I see. So, that is the projection for the
entire year 2007?
Mr. STRECKEWALD. Yes. Yes.
Mr. BECERRA. Maybe we can help because I think it is
outrageous that you are conducting a service that is outside
the core mission of your work for an agency under which you
have an agreement to do this, which is essential work, yet you
are having to underfund your programs that are helping lots of
Americans who are in desperate need in some cases of this
assistance.
So, perhaps, Mr. Chairman, we can try to lend a hand to SSA
to try to get reimbursed for the monies it is due for the work
that it is done.
Let me ask a question with regard to error rates. I know
this has always been an issue with regard to the SSA and the
Social Security card because the Social Security number was
never meant to be a data-confirming number other than for
purposes of Social Security benefits.
Tell me when I am wrong. I understand from an inspector
general report that was done back in December 2006--and Mr.
Schaeffer, please tell me if I am incorrect on this--I
understand that there are about 17.8 million employees who are
erroneously categorized as nonconfirmed in these checks that
are done simply as a result of discrepancies that are related
to their name, birth date, or citizenship status.
So, if someone gets married, the current file doesn't
reflect that that individual has changed his or her her name as
a result of marriage. There are 17.8 million employees who
don't check out. That is about 4.1 percent.
Mr. SCHAEFFER. That is basically correct. I wouldn't say
they are all employees. That is of the active Social Security
numbers in SSA's database, which theoretically they all could
be employees, but they all may not be employees.
Mr. BECERRA. Thank you for that correction. There are
approximately about 5 million new hires per month in this
country, more or less?
Mr. SCHAEFFER. Right.
Mr. BECERRA. So, if you take that 4 percent error rate and
apply it to the 5 million or so new hires that occur every
year, and you are talking about somewhere close to--or over
200,000 Americans on a monthly basis, about 2.5 million people
on a yearly basis, who could, based on discrepancies, be
misidentified as not eligible to work using the current Social
Security database with its current list of errors. Have I said
anything wrong here?
Mr. SCHAEFFER. No. That is theoretically possible. One
would hope that things would get better over time.
Mr. BECERRA. And, of course the error rate is higher, my
understanding is, for foreign-born U.S. citizens. So, if you
happen to be born in another country but you have citizenship
by birthright, by your parentage, or for individuals who have
come to this country and have since become citizens, the error
rates are even higher for them.
Mr. SCHAEFFER. That is correct.
Mr. BECERRA. Mr. Streckewald, you wanted to say something?
Mr. STRECKEWALD. Yes. I don't disagree with your figures. I
would maybe just clarify by saying that it is tentative
nonconfirmation. You are right, they are going to be told
tentatively it looks like you don't have authorization to work.
They come in to us, we straighten it out, and then they are
authorized to work.
So, it is not pleasant to have to do that, but it gets
updated and they get to work.
Mr. BECERRA. Mr. Chairman, I know my time has expired so I
won't ask any more questions other than to just make the
following point. My understanding is that your field offices
serve some 42 million visitors a year. You have lost--Social
Security Administration has lost--some 2,400 positions in the
past 19 months, and you are at your lowest staffing level now
that you have been since the 1970s.
Your processing time in most cases in most offices takes
over 900 days. You requested a budget of President Bush
totaling $10.4 billion. The President's budget allotted Social
Security Administration $9.6 million. That is an $800 million
loss right there.
With all of these tasks that are placed upon you and with
the burdens fiscally that you have, Mr. Chairman, I think it
becomes very obvious that we have to really examine this and
try to help make sure that SSA not only gets reimbursed from
DHS for money that it is due, but also that we get the
resources to the agency to make sure that if we do move forward
on immigration reform, they are able to do this, and not at the
expense of Social Security applicants for disability benefits
or Social Security benefits.
Thank you.
Chairman MCNULTY. Mr. Ryan may inquire.
Mr. RYAN. Thank you. First of all, Mr. Chairman, I want to
thank you for having this hearing. Very good timing on this. We
need to do this.
As I look at this and I see this immigration bill most
likely passing the Senate, it seems, and probably next week, is
what we hear, and then coming our way, we really have to get
our hands around this. I think most Members of Congress believe
we need comprehensive immigration reform.
Then when you look at comprehensive immigration reform,
most people conclude a central premise of that is an airtight
worker verification system. So, we all kind of agree that that
is necessary.
Then when we look at this system, the word fiasco comes to
my mind, to be honest with you. I guess here is the couple
questions I want to ask. Number one, do you really believe we
could get this thing up and running in 18 months and have a
minuscule error rate? Do you really believe that?
Mr. STRECKEWALD. From Social Security's perspective, I
think we will. Again, the funding is critical, but we have
risen to challenges that we have been faced with. We will get
it done.
I can't speak to what the error rate will be, but right now
it is at about three contacts for every hundred queries. We
would like to get that down, but it is unknown in the future
what that will be if all employees must go through the system.
We can get it done with the proper funding.
Mr. RYAN. Then what pieces of personal information does
Homeland Security think they are going to need at the end of
the day to make this work?
Mr. STANA. First, if I might address the question this way.
Mr. RYAN. Sure. I would appreciate that.
Mr. STANA. To say the least, this is going to be a
tremendous challenge. You are talking about signing up 30,000
employers per day from now until December 2008. What if
employers wait until fall 2008 to enroll? Then there's the need
to hire staff. Do background checks. Get office space. Procure
new computer equipment. You never say never, and something will
probably be available in December 2008. Is it going to be
something that 5.9 million employers can use? It is going to be
a challenge for DHS.
Now, your other question was dealing with the----
Mr. RYAN. The pieces of information, all the pieces you
think they need.
Mr. STANA. The information that goes to Social Security for
EEVS, I believe, are name, Social Security number, and date of
birth. That is what goes, and it is checked against the
Numident database. The information for checking against DHS
databases include the name and the A number, alien number, or
the employment authorization number. That is the extent of the
information used. They get either a confirm or nonconfirm.
Mr. RYAN. The goal of the system is twofold. Right? You are
who you say you are, and you are eligible to work in this
country.
Mr. STANA. Also you are work-authorized.
Mr. RYAN. Right?
Mr. STANA. Yes.
Mr. RYAN. Have you ever considered the idea of maybe having
a private-based identity system for identifying who you are,
and then referencing the Social Security database to see if you
are eligible to work or not? Have you ever considered those
kinds of ideas, those kinds of systems?
Mr. STANA. GAO hasn't seen those kinds of things being
seriously considered. I have heard discussions of using other
means. Mr. Johnson mentioned, swiping a credit card, and why
can't you get the verification done quicker?
Mr. RYAN. Yes. Right.
Mr. STANA. I have heard of using private sector facilities
like credit card terminals but one of the stoppers, frankly, is
getting the right equipment out to the employers to use for
this quick verification. Right now it just requires a computer
and Internet access. If you want to do something more with
biometrics, it may require something more sophisticated. I have
heard the ``credit card'' solution tossed around, but not
seriously considered.
Mr. RYAN. So, $370 million is the number I just heard when
I added up all that you said you think you need, Mr.
Streckewald. So, $370 million I am taking as sort of the
minimum up-front cost annually to get a system like this going.
You are going to give us----
Mr. STRECKEWALD. We don't have the exact figures yet, but--
--
Mr. RYAN. But you are going to give us a budget estimate in
about three or four weeks, you told Mr. Levin?
Mr. STRECKEWALD. I hope to be able to. We will get it to
you as soon as it is done.
Mr. RYAN. So, that number will probably go up to half a
billion?
Mr. STRECKEWALD. That was the figure for DHS. Three to $400
million for compliance staff, and another $70 million for
program management. So, it could be $370 to $470 million.
Mr. RYAN. By the end of our terms, we are going to be--I
don't see a clock so I don't know what my time is--but by the
end of our terms here, by 18 months, we are expecting every
employer to verify every--actually, it is a four-year staggered
process. Correct? So, can you walk me through that? I am not
precisely familiar with the Senate bill, but it is--how do they
roll in who all is checked?
Mr. STRECKEWALD. If I recall----
Mr. STANA. I have got that.
Mr. STRECKEWALD. Why don't you go ahead. It does ramp up.
Mr. STANA. There are two----
Mr. RYAN. What is the ramp-up?
Mr. STANA. Gutierrez-Flake is a different version, but I
can give you both, if you like. The Senate version is in six
months you want all new employees hired after the act is passed
in critical infrastructure and government to be verified. By 18
months, you want new employees in all sectors to be verified.
After three years, you want all employees, old and new to be
verified. That is the Senate proposal.
Mr. RYAN. Three years? Okay.
Mr. STANA. On the Gutierrez-Flake proposal, the STRIVE Act,
it is in year one, all employees working in critical
infrastructure are to be verified. In year two, all large firms
with 5,000 or more employees would have their employees
verified. In the third year, mid-size firms would be added. In
the fourth year, employees in small firms would be verified.
Those criteria could probably be adjusted if need be.
This gets to the stress that is put on the field offices.
It depends on how you manage EEVS implementation. Once an
employee's data is validated in NUMIDENT, he or she is probably
not going to get nonconfirms when seeking employment in the
future unless there is a name change due to marriage, for
example.
Mr. RYAN. Well, I would simply just say, Mr. Chairman, I
think we owe it to our constituents, our colleagues, and our
country to try and fix this or figure this out if this train is
really coming on the rails as fast as it looks like it might
be.
I would like to look into the possibility of not
necessarily having a centralized database but a decentralized
database, where we can use some of the ingenuity that is going
out there in the private sector.
So, with that, I yield. Thanks.
Chairman MCNULTY. Ms. Tubbs Jones may inquire.
Ms. TUBBS JONES. Thank you, Mr. Chairman. Gentlemen, I
apologize for being late. In Congress they give us lots of
things to do.
I want to speak to Mr. Streckewald. You are real
optimistic. You oversee the disability and income security
programs. Do you know how many people there are in America that
are waiting for a disability determination? We haven't fixed
that yet, to then give you a greater responsibility of doing an
employment verification system.
How many people do you need to fix that part before you do
employment verification?
Mr. STRECKEWALD. Well, we are still looking at what
approach will work best. My understanding, we have come up with
a multi-faceted approach that not only looks at the old cases
to try to get them out and get decisions on them, but also
tries to sort through the new ones so that they don't become
the old cases. So, I think the Commissioner is coming out with
a plan shortly on that.
Ms. TUBBS JONES. Then we are trying to figure out how we
hire the employees to do the work that needs to be done. The
issue was that there is a 10-year-old list of hearing officers
and we have to hire some new ones.
So, in employment verification, it is likely there is going
to be a list, that we have to put the list together to hire the
people from the list, and on and on and on? Come on. Be real
with us. I know the Administration is saying what you can do,
but the reality is that this is not going to happen. I know you
don't want to say it. I am going to say it for you. This ain't
going to happen.
[Laughter.]
Mr. STRECKEWALD. We like to think with proper funding, this
particular business process is doable. I apologize for seeming
overly optimistic.
Ms. TUBBS JONES. You know, that is what we heard about--and
I am not pointing individually at you or any of your colleagues
at the table. Realism has to set in somewhere in this process
so that there is not an anticipation by the people of America
that we can do what people are talking about doing within 18
months.
I am more of a person that would say I love individual
ingenuity, and privatization is something that could happen,
but I also like people having jobs that are guaranteed and
secure. There are people who would love to come and work at the
Government till and have an opportunity to pursue this.
So, I would like to encourage you to figure out, if
everybody else is doing it, why can't the Federal Government do
it? Why can't we come up with a system by which we can do the
work of employment verification?
I could ask a lot of questions, but the bottom line for me
is, tell me the truth. Don't--and I am not saying you are
lying--don't misunderstand me, but don't make me anticipate
more than I am really going to get.
Mr. Chairman, Ranking Member, thank you so much for the
opportunity to ask the questions. I am running. Thanks.
Chairman MCNULTY. The Ranking Member has an additional
question.
Mr. JOHNSON. Mr. Schaeffer and Mr. Stana, I would like to
ask you this one question: Is it possible to achieve a tamper-
proof, fraud-resistant ID card?
Mr. STANA. Is it possible?
Mr. JOHNSON. Yes. I want to listen to him first.
Mr. SCHAEFFER. I would say anything is possible. However,
the probability of achieving that, I think, would be very
difficult. Most things that happen in that, once the card is
out there and the people that want to circumvent that, once
they start reverse engineering, almost always they develop the
ability to do so.
So, you may have a tamper-proof card today and it may last
for a period of time. It may not be--to me, the probability
that the tamper-proof card that you develop today, for it
lasting forever, I would say a very small probability, that you
would have to continually be revising that card, with the
associated cost associated with it, to have to stay one step
ahead of those who would be looking at a way to defeat it.
Mr. JOHNSON. Mr. Stana?
Mr. STANA. I would say it is possible. If you put the right
security features on an identity card, it might be useful for
some time. Those security features would be mainly biometric--
retina scans, enhanced fingerprints, other digital information.
I would also note for this purpose of verifying that the
person who is sitting in front of you, if you are the
employer--is the individual who they say they are--would
probably require some expensive equipment for employers to
maintain. So, that is the other aspect of it.
There are secure cards that are used to verify identity in
top secret locations, and I suppose you could use those kinds
of cards. I agree with my friend here that it is a matter of
time before secure cards and systems get hacked. You would have
to probably renew a card periodically to keep it reliable and
secure.
Mr. JOHNSON. Thank you, Mr. Chairman.
Chairman MCNULTY. I thank all of the members of the panel.
Members may have additional questions that they want to submit
to you in writing, and I would ask that you would reply to
them. I would ask you to respond to some staff inquiries that
we may have as a result of your testimony at the hearing today,
too.
Mr. Streckewald mentioned that the Social Security
Administration has risen to past challenges. I believe he is
correct, when--and you had that big qualifier there--when the
proper resources are made available.
So that is a big qualifier on this whole issue. I would
submit to you that the resources have not been made available
with regard to the disability backlog. That is why that is an
unmitigated disaster.
There is no reason why a citizen of the United States of
America should come to the Social Security agency or to a
Member of Congress with an application for benefits, and be
told, we will get back to you in a year and a half or two
years.
That is a disgrace. That is because you don't have the
proper resources to do that. So, before we embark on any new
big expanded program, one of my main concerns is going to be to
make sure that if we do this, that we do have the proper
resources.
We thank all the members of the panel. We will now hear
from panel two.
[Pause.]
Chairman MCNULTY. We thank all of the panel members for
being here. Let me just begin by introducing the panel members.
Tyler Moran, Employment Policy Director of the National
Immigration Law Center.
Angelo Amador, Director of Immigration Policy, U.S. Chamber
of Commerce.
Sue Meisinger, President and CEO, Society for Human
Resource Management, on behalf of the Human Resource Initiative
for Illegal Workforce.
Peter Neumann, Principal Scientist, SRI International, on
behalf of U.S. Public Policy Committee of the Association for
Computing Machinery.
Marc Rotenberg, Executive Director, Electronic Privacy
Information Center.
So, we thank all of you for being here. Your entire
testimony will be included in the official record. We ask that
you summarize your comments to stay within 5 minutes. You see
the little prompter in front of you; when the amber light comes
on, we ask you to try to wrap up and conclude when the red
light appears.
Again, we thank you for taking time out of your busy
schedules to help us address this issue. We will start with Ms.
Moran.
STATEMENT OF TYLER MORAN, EMPLOYMENT POLICY DIRECTOR, NATIONAL
IMMIGRATION LAW CENTER, BOISE, IDAHO
Ms. MORAN. Good morning, Chairman and Mr. Johnson, Members
of the Committee. Thank you for the opportunity to allow me to
address the critical issue of EEVS, or EEVS. This issue has not
received the attention it deserves, and so it is critical that
this Committee is holding a hearing today.
My name is Tyler Moran. I am the Employment Policy Director
for the National Immigration Law Center. NILC is a nonpartisan
national legal advocacy organization that works to promote and
advance the rights of low-income immigrants and their families.
NILC has tracked the Basic Pilot Program since it was
implemented in 1997, and we have extensive experience assisting
immigrant advocates in responding to problems with the program,
including the way in which it has been used to adversely affect
workers.
Because of this experience, we do not support a mandatory
EEVS. However, because it enjoys almost universal support in
Congress, we want to work with you all to ensure that a system
is implemented that is accurate and that avoids negative
consequences for workers, both U.S.-born and immigrant.
While the focus of the Basic Pilot and the immigration
reform debate has largely focused on DHS, as you heard this
morning, SSA plays an integral role in its functionality. If it
were to become mandatory, SSA would have to process 60 million
queries per year versus the 1.8 it currently does.
So, a number of studies have found that the Basic Pilot
Program has significant weaknesses, including its reliance on
government databases that have unacceptably high error rates,
and employer misuse of the program to take adverse action
against workers. The significant weaknesses that exist in the
current program, which serves approximately 17,000 employers,
would be greatly exacerbated if the program were to surge to
over six million.
Improvements to the Basic Pilot have been made in the past
10 years, but they are not sufficient enough for a mandatory
program that, because of database errors, could take away
people's livelihood. Additionally, if the current flaws are not
addressed before it is made mandatory, it could lead to
noncompliance, which would result in certain businesses and
workers moving into the underground, unregulated cash economy,
which could result in billion-dollar losses in Federal, state,
and local tax revenues. A similar situation would occur if an
EEVS were to be implemented outside the context of
comprehensive immigration reform.
So, the database errors: As you heard this morning, we have
got a 4.1 percent error rate. The error rate affects all
workers, but it disproportionately affects immigrants. The
impact is the most on foreign-born naturalized citizens.
Most people don't know when you naturalize to tell SSA that
they changed their status. So, there are over three million
records that have incorrect information on those folks. So they
are going to have to go into SSA field offices to correct the
information. So, the burden on your constituents could be
enormous.
When workers receive a tentative nonconfirmation, they
can't call the SSA field office. They actually have to
physically go into the SSA field office. Right now, one-third
of people simply applying for an SSN have to go back to the
office with additional documentation. They have to make two
trips.
From testimony from the National Council of Social Security
Management Associations, wait times in field offices are
running 2 to 3 hours, with some over 4 hours. So, if you think
you are getting calls on disability right now, just wait until
this is implemented.
So, the independent evaluation also found that employers
misuse the Basic Pilot. For example, the law requires that you
first extend a job offer and then you put the person's
information through the system. In violation of this
requirement, 42 percent of employers put workers through Basic
Pilot before extending a job offer.
Why is this a problem? It is a problem because, because of
these high error rates, most people who get tentative
nonconfirmations are actually authorized to work. So, if they
are not hired because of a tentative nonconfirmation, they
never know that there is a problem, they are never hired, and
then they can't go and fix the database errors. It might happen
again at their next job.
Employers also penalize workers who receive tentative
nonconfirmations, and 45 percent of employers subject people to
pay cuts, delays in job training, and other restrictions on
working.
So, what do we need to do to have a workable system? First,
I want to start out and say the STRIVE Act in the House is what
we consider the best effort at addressing an EEVS in a
meaningful and thoughtful way. I do want to mention, too, that
there is an independent evaluation commissioned by USCIS that
has not been released to the public, and I would urge you all
to get a copy of that report before you move forward. It is by
the Westat Corporation.
So, one, we need to phase in the system at a reasonable
rate, and we need to have objective benchmarks. So, SSA and DHS
have to prove to us they can meet certain levels of database
accuracy, privacy, employer compliance with the system, and low
error rates before the system is implemented. It is simple:
Prove the system works before you implement it.
Two, include meaningful due process protections because for
the first time in the history of this country, your
constituents are going to have to ask the Federal Government
for permission to work. If they are wrongly denied, they are
going to be mad, and there should be a way for them to correct
those errors.
Last, include workable documentation requirements that do
not require a real ID license or a hardened SSN card, neither
of which exist. Fifteen states thus far have said they will not
implement the REAL ID Act.
Last, I forgot, strong anti-discrimination protections that
prohibit employers from misusing the EEVS to penalize workers.
So, I just want to conclude by saying the House of
Representatives is going to move forward on a immigration bill
after the Senate finishes up this week. It is critical that it
be guided by the lessons learned of the last 10 years of Basic
Pilot. Since so much of the focus is on DHS, it will be
critical for this Committee to work with the Judiciary
Committee to help inform them about the impact of the system on
SSA, and what resources will be needed to fix those database
errors, and also how the agency can work with DHS to make sure
that employers are following the rules and not taking adverse
action against workers.
So, I would be happy to answer any questions, particularly
about any of the proposals before Congress right now.
[The prepared statement of Ms. Moran follows:]
Prepared Statement of Tyler Moran, Employment Policy Director, National
Immigration Law Center, Boise, Idaho
Members of the Committee, thank you for the opportunity to address
the critical issue of current and proposed electronic employment
verification systems (EEVS). My name is Tyler Moran, and I am the
Employment Policy Director at the National Immigration Law Center
(NILC). NILC is a nonpartisan national legal advocacy organization that
works to advance and promote the rights of low-income immigrants and
their family members. Since its inception in 1979, NILC has earned a
national reputation as a leading expert on the intersection of
immigration law and the employment rights of low-income immigrants.
NILC's extensive knowledge of the complex interplay between immigrants'
legal status and their rights under U.S. employment laws is an
important resource for immigrant rights coalitions and community
groups, as well as national advocacy groups, policymakers, attorneys
and legal aid groups, workers' rights advocates, labor unions,
government agencies, and the media.
Overview
My testimony today will focus on (1) the limitations of the current
electronic employment verification system--the Basic Pilot program--
upon which most proposed EEVS are based; (2) a summary of the impact of
a flawed EEVS on the Social Security Administration (SSA) and on
foreign-born workers; (3) an explanation of what provisions must be
included in any mandatory EEVS; and (4) an analysis of the EEVS
proposed in the 2007 House and Senate comprehensive immigration reform
bills.
NILC has tracked the Basic Pilot program since it was implemented
in 1997 and has extensive experience assisting immigrant advocates,
attorneys, unions and other worker advocates in responding to problems
with the program, including the way in which it has adversely affected
workers. Because of this experience, we do not support expansion of a
mandatory EEVS. However, because the concept enjoys almost universal
support in Congress, and therefore will almost certainly be
incorporated into any comprehensive immigration reform bill, we want to
ensure that any proposed system be designed so as to avoid negative
consequences for workers--both immigrant and U.S.-born.
While the focus of Basic Pilot has largely been on the Department
of Homeland Security (DHS) and its agency that administers the
program--the U.S. Citizenship and Immigration Services (USCIS)--the SSA
also plays an integral role in ensuring its functionality. In fact, SSA
must verify the name, Social Security number (SSN), and date of birth
(and citizenship status of U.S. citizens) of every worker in the
country whose employer participates in the Basic Pilot. If Basic Pilot
were to become mandatory (and apply only to new hires), this would mean
that SSA would need to process 50-60 million queries per year, versus
the 1.8 million queries that the agency processed in 2006.\1\
---------------------------------------------------------------------------
\1\ According to former Commissioner Barnhart, SSA averaged 150,000
queries per month in 2006. See Jo Anne B. Barnhart, Testimony before
the House Committee on Ways and Means (Social Security Administration,
July 26, 2006), http://waysandmeans.house.gov/hearings.asp?
formmode=printfriendly&id=5172.
---------------------------------------------------------------------------
It is therefore essential that this Committee understand what it
will take to create a system that functions with a high level of data
accuracy, is properly monitored, and does not unintentionally promote
employment discrimination. If implemented using the existing
technology, procedures, and databases, the financial costs would be
high and the inaccurate results would have a human cost borne by U.S.-
born and immigrant workers. In addition, an expanded system would
result in dangerous privacy breaches and increased discrimination
against individuals who look or sound foreign.
The Social Security Administration's Role in the Basic Pilot Program
The Basic Pilot Program is an Internet-based program that allows
employers to electronically verify new workers' employment eligibility
by directly checking the records maintained by SSA and DHS. The program
is one of the three pilots created by the Illegal Immigration Reform
and Immigrant Responsibility Act of 1996, which began operating in six
states in 1997. The other two pilot programs were discontinued.
However, in December 2004 Congress extended the Basic Pilot to all 50
states, and it is now available to employers who voluntarily choose to
participate in the program, although certain employers who have been
found to unlawfully hire unauthorized workers or who have discriminated
against workers on the basis of national origin or citizenship status
may be required to participate. According to DHS, 16,000 employers are
currently enrolled in the program.\2\
---------------------------------------------------------------------------
\2\ Jock Scharfen, Testimony before the Subcommittee on
Immigration, Citizenship, Refugees, Border Security, and International
Law, Committee on the Judiciary, U.S. House of Representatives:
Problems in The Current Employment Verification and Worksite
Enforcement System (USCIS, U.S. Dept. of Homeland Security, April 24,
2007), http://judiciary.house.gov/media/pdfs/Scharfen070424.pdf.
---------------------------------------------------------------------------
How the Verification Process Works at SSA \3\
Before employers can use the Basic Pilot program, they must first
sign a memorandum of understanding (MOU), which sets forth the points
of agreement between SSA, DHS, and the employer regarding the
employer's participation in the program. Employers must also complete
an online training and display a notice at the workplace from DHS
indicating the employer's participation in the program, and an
antidiscrimination notice from the Office of Special Council for
Immigration-Related Unfair Employment Practices, Department of Justice.
---------------------------------------------------------------------------
\3\ For more information on the entire Basic Pilot process, see
Basic Information Brief: DHS Basic Pilot Program (National Immigration
Law Center, March 2007), www.nilc.org/immsemplymnt/ircaempverif/
basicpilot_infobrief_brief_2007-03-21.pdf.
---------------------------------------------------------------------------
1. Step 1: Employer completes I-9 form.
Employers participating in the Basic Pilot must still complete an
I-9 employment eligibility verification form for each new employee
hired as is required of all employers, but with one change to those
procedures: Basic Pilot employers can accept a document as proof of a
worker's identity only if the document includes a photograph. It is
still the employee's choice, however, which documents to present to
establish identity and employment eligibility.
2. Step 2: Employer verifies identity and employment eligibility using
the Basic Pilot.
For each newly hired worker, the employer must enter the worker's
information provided on the I-9 form--such as name, SSN, and
citizenship status or alien number--into a form on the Basic Pilot
website within three days of the worker's hire date. If a worker has
not yet been assigned an SSN (as can be the case with newly-arrived
immigrants), however, the employer has to wait to enter that person's
information into the Basic Pilot form after the SSN is obtained. This
procedure is in conflict with the requirements outlined in the MOU
stating that the employer will put the worker's information into the
Basic Pilot within three days of hire. There continue to be delays in
issuing SSNs at field offices--delays that can last for months.
According to the American Immigration Lawyers Association, some of the
delays arise from ``front desk'' errors, where an application is
rejected for lack of a document that is not required.\4\
---------------------------------------------------------------------------
\4\ Minutes of the Social Security Administration and CIS AILA
Liaison Meeting on SSA Related Issues (American Immigration Lawyers
Association, May 8, 2006).
---------------------------------------------------------------------------
The information that is entered on the Basic Pilot website is first
checked against information contained in SSA's database, the Numerical
Identification File (``Numident''). SSA verifies that the name, SSN,
and date of birth are correct, regardless of the worker's immigration
status. SSA also confirms whether, if the employee has stated that he
or she is a U.S. citizen, this is in fact the case; if it is, this
establishes that the employee is employment-eligible. In the cases of
naturalized citizens, however, SSA is sometimes unable to confirm their
U.S. citizenship and must forward the inquiry to USCIS.
For any non-U.S. citizen employee, USCIS verifies that the worker
currently has employment-authorization. If the information provided by
the worker matches the information in the SSA and USCIS records, the
employer will receive a ``confirmation'' and no further action will
generally be required, and the worker may continue employment.
If SSA is unable to verify information presented by the worker, the
employer will receive an ``SSA tentative nonconfirmation'' notice.
Employers can receive an SSA tentative nonconfirmation notice for a
variety of reasons, including lags in data entry in SSA's database,
inaccurate entry of information into the form on the Basic Pilot
website, or name changes or changes in immigration status that are not
reflected in SSA's database. An SSA tentative nonconfirmation is also
issued when the person attests to being a U.S. citizen but SSA records
indicate that the person is a noncitizen with unknown work-
authorization status. For example, a foreign-born U.S. citizen may have
naturalized, but if the person does not inform SSA of this fact, SSA
records will reflect his or her former immigration status.
3. Step 3: Employee can challenge a ``tentative nonconfirmation.''
If the individual's information initially does not match SSA's
records, the employer must first double-check that the information was
entered correctly into the system. If the employer did not make an
error, the employer must give the employee written notice of that fact,
called a ``Notice to Employee of Tentative Nonconfirmation.'' The
worker must then check a box on the notice stating that he/she contests
or does not contest the tentative nonconfirmation notice, and both the
worker and employer must sign the notice. If the worker chooses to
contest the tentative nonconfirmation notice, the employer must print a
second notice, called a ``Referral Letter,'' which contains information
about resolving the tentative nonconfirmation notice, as well as the
contact information for SSA. The worker then has eight Federal
Government work days to visit an SSA office to try to resolve the
discrepancy. SSA then has 10 Federal Government work days after the
worker receives the referral notice to resolve the case.
Under the MOU, if the worker contacts SSA (or USCIS) to resolve the
tentative nonconfirmation, the employer is prohibited from terminating
or otherwise taking adverse action against the worker while he/she
awaits a final resolution from the Government agency--even if it takes
more than 10 Federal Government work days for SSA to resolve the
matter. In the case of an SSA tentative nonconfirmation notice, the
employer must wait 24 hours after the worker visits SSA to resubmit the
inquiry to the Basic Pilot program, and no later than 10 Federal
Government work days after the date that the worker was referred to
SSA. If the worker does not contest the tentative nonconfirmation
notice, it automatically becomes a ``final nonconfirmation'' and the
employer is required to fire the worker.
Concerns about Expanding the Basic Pilot Program
Numerous entities, including those that researched and wrote an
independent report commissioned by the former Immigration and
Naturalization Service, the Government Accountability Office, and the
Social Security Administration's Office of the Inspector General (SSA-
OIG), have found that the Basic Pilot program has significant
weaknesses, including (1) its reliance on government databases that
have unacceptably high error rates and (2) employer misuse of the
program to take adverse action against workers.\5\ It is our
understanding that the research corporation, Westat, has recently
concluded another evaluation of the Basic Pilot for USCIS, though the
results of that study have yet to be released to the public. It is
critical that Congress review this evaluation before proceeding with
any proposal to create a mandatory EEVS.
---------------------------------------------------------------------------
\5\ See Findings of the Basic Pilot Program Evaluation (Temple
University Institute for Survey
Research and Westat, June, 2002), www.uscis.gov/portal/site/uscis/
menuitem.5af9bb95919f35e66f 614176543f6d1a/
?vgnextoid=9cc5d0676988d010VgnVCM10000048f3d6a1RCRD&vgnextchannel=
2c039c7755cb9010VgnVCM10000045f3d6a1RCRD; Immigration Enforcement:
Weaknesses Hinder Employer Verification and Worksite Enforcement
Efforts (Government Accountability Office, Aug. 2005) (hereafter
``GAO''), www.gao.gov/new.items/d05813.pdf; and Congressional Response
Report: Accuracy of the Social Security Administration's Numident File
(Office of the Inspector General, Social Security Administration, Dec.
2006), (hereafter ``SSA''), www.socialsecurity.gov/oig/ADOBEPDF/
audittxt/A-08-06-26100.htm; Congressional Response Report: Employer
Feedback on the Social Security Administration's Verification Programs
(Office of the Inspector General, Social Security Administration, Dec.
2006), www.ssa.gov/oig/ADOBEPDF/A-03-06-26106.pdf; and Congressional
Response Report: Monitoring the Use of Employee Verification Programs
(Office of the Inspector General, Social Security Administration, Sept.
2006), www.ssa.gov/oig/ADOBEPDF/A-03-06-36122.pdf.
---------------------------------------------------------------------------
The significant weaknesses that exist in the current program, which
serves approximately 16,000 employers, would be greatly exacerbated if
the program were to surge to over 7 million. In Fiscal Year 2005, when
the latest evaluation took place, only half as many employers used the
program as use it now. While improvements to the Basic Pilot have been
made since its inception, they are not sufficient for a mandatory
program that, because of inaccurate nonconfirmations, could cause
workers and businesses irreparable harm. Additionally, if the current
flaws in the Basic Pilot are not addressed before it is made mandatory,
it will lead to flawed implementation, frustration, and even
noncompliance, which will result in certain businesses and industries
moving into the unregulated underground cash economy.
When employers and workers move into the underground economy, the
societal and economic costs are enormous. If enough of them abandon the
``above-ground'' economy, it could result in billion-dollar losses in
federal, state, and local tax revenues, unfair competition, and further
exploitation and abuse of all workers by unscrupulous employers. The
similar situation would result if a mandatory EEVS were to be
implemented outside the context of comprehensive immigration reform. In
that case, the new system would start out with the insurmountable
handicap of 8 million unauthorized workers and their employers seeking
to uncover and exploit the weaknesses inherent in any system.
Database inaccuracies
One of the most significant problems identified in independent
evaluations of the Basic Pilot program is that it is seriously hindered
by inaccuracies and outdated information in SSA and DHS databases. For
example, a sizeable number of workers who are identified as not having
work authorization are in fact authorized, but for a variety of reasons
the databases do not have up-to-date information on them. The SSA
database used for the Basic Pilot program is the Numident file, which
contains information on 435 million SSN holders, including name, date
of birth, and place of birth, parents' names, citizenship status, date
of death (if applicable), and the office where the SSN application was
processed and approved.\6\ As referenced earlier in this testimony, the
Numident file is the first point of verification in the Basic Pilot
process.
---------------------------------------------------------------------------
\6\ SSA, Accuracy of the Social Security Administration's Numident
File, supra note 5.
---------------------------------------------------------------------------
According to a December 2006 report by SSA-OIG, 17.8 million (or
4.1 percent) of SSA's records in the Numident file contain
discrepancies related to name, date of birth, or citizenship status
that could result in tentative nonconfirmation notices from Basic
Pilot.\7\ Any time that SSA's database conflicts with information
presented by a worker, that worker must follow up with one of SSA's
field offices. According to the Bureau of Labor Statistics, there are
4.9 million new hires per month in the U.S.\8\ If 4.1 percent of these
new hires received a tentative nonconfirmation notice from SSA, field
offices could potentially see 100,900 additional citizens and lawful
immigrants per month seeking assistance with these alleged
discrepancies.
---------------------------------------------------------------------------
\7\ Id.
\8\ Job Openings and Labor Turnover: February 2007 (U.S. Dept. of
Labor, Bureau of Labor Statistics, February 2007), www.bls.gov/
news.release/pdf/jolts.pdf.
---------------------------------------------------------------------------
In 2006 testimony before the Senate Finance Committee, the
Inspector General of Social Security expressed concerns about an
``increased workload in the field offices and teleservice centers''
that would result from workers challenging erroneous database
findings.\9\ At a recent Senate Finance hearing, the President of the
National Council of Social Security Management Associations, Inc.,
testified that if a mandatory EEVS and hardened SSN card are instituted
as part of an immigration reform bill without necessary funding, ``it
could cripple SSA's service capabilities.'' \10\ This problem is
compounded by the fact that the agency is at its lowest staffing level
since the early 1970s, and SSA field offices have lost 2,400 positions
in the past 19 months.\11\ As noted in the December 2006 OIG report,
``[I]f use of an employment verification service such as the Basic
Pilot becomes mandatory, the workload of SSA and DHS may significantly
increase--even if only a portion of these 17.8 million numberholders
need to correct their records with one of these agencies.'' \12\
Already, SSA field offices serve 42 million visitors per year.\13\
---------------------------------------------------------------------------
\9\ Patrick P. O'Carroll Jr., Testimony before the U.S. Senate
Committee on Finance: Administrative Challenges Facing the Social
Security Administration (Office of the Inspector General, Social
Security Administration, March 14, 2006), http://finance.senate.gov/
hearings/31699.pdf.
\10\ Richard Warsinskey, Testimony before the U.S. Senate Committee
on Finance: Funding Social Security's Administrative Costs: Will the
Budget Meet the Mission? (National Council of Social Security
Management Associations, Inc., May 23, 2007), http://
finance.senate.gov/hearings/testimony/2007test/052307testrw.pdf.
\11\ Id.
\12\ SSA, Accuracy of the Social Security Administration's Numident
File, supra note 5.
\13\ Barnhart, supra note 1.
---------------------------------------------------------------------------
The cost and burden of SSA tentative nonconfirmation notices not
only affects local SSA offices, but also workers. Although U.S.
citizens' records do have discrepancies, a disproportionate number of
the database errors affect foreign-born U.S. citizens and work-
authorized noncitizens. According to the December 2006 OIG report,
approximately 4.8 million noncitizen records and 8 million foreign-born
U.S. citizen records contain discrepancies that may result in a
tentative nonconfirmation notice from the Basic Pilot.\14\ And, 3.3
million of foreign-born U.S. citizen records do not contain updated
information on their citizenship status, so when they claim U.S.
citizenship on their I-9 employment eligibility verification form,
these workers receive a tentative nonconfirmation notice because their
information does not match that in the SSA database.
---------------------------------------------------------------------------
\14\ SSA, Accuracy of the Social Security Administration's Numident
File, supra note 5.
---------------------------------------------------------------------------
When workers receive a tentative nonconfirmation notice, they often
have to take unpaid time off from work to follow up with SSA, which may
take more than one trip. Waiting time at field offices are running two
to three hours, with some visits lasting over four hours.\15\ According
to the National Council of Social Security Management Associations,
Inc., nearly one-third of the people currently coming into SSA Field
Offices to apply for an original or duplicate SSN have to return with
additional documentation.\16\ Additionally, an unknown number of work-
authorized job applicants are not notified of tentative
nonconfirmations by their employer or are wrongfully terminated by
their employer before they even have the opportunity to prove that they
are indeed authorized to work in the U.S. (For more information on this
problem, see the section below regarding employer misuse of the
program).
---------------------------------------------------------------------------
\15\ Warsinskey supra note 10.
\16\ Richard Warsinskey, Testimony before the U.S. Senate Committee
on Finance: Administrative Challenges Facing the Social Security
Administration (National Council of Social Security Management
Associations, Inc., March 14, 2006), http://finance.senate.gov/
hearings/31699.pdf.
---------------------------------------------------------------------------
Equally concerning is the fact that when workers do go to an SSA
field office to correct their records, their information is sometimes
not updated in a timely manner. Additionally, Basic Pilot rules
instruct employers to wait 24 hours after a worker has updated his or
her records to re-query the system; however, many times the employer
will re-query the system before the 24-hour period has passed, or check
before the employee visits SSA. In these instances, the employer will
receive a default final nonconfirmation. According to Basic Pilot
rules, the employer is then required to fire the worker.
Employer misuse of the program
The independent evaluations of Basic Pilot have also revealed that
employers use the Basic Pilot program to engage in prohibited
employment practices.\17\ According to the SSA-OIG, ``We learned that a
significant number of the Basic Pilot employers in our sample verified
individuals outside the scope of the signed agreement between the
employer, SSA and DHS.'' \18\ For example, the law requires that
employers first extend a job offer to a worker and then complete the
employment eligibility verification process, including the Basic Pilot
procedure. In violation of this requirement, many employers put workers
through Basic Pilot before extending the job offer, to avoid the
potential costs of hiring and training employees who are not eligible
to work (a practice known as ``pre-screening''). This practice is a
problem because most workers who receive a tentative nonconfirmation
are, in fact, authorized to work. If workers are not hired because of a
tentative nonconfirmation and are never informed that there is a
problem with their records, they not only are denied a job but also the
opportunity to contest database inaccuracies. Moreover, pre-screening
increases the likelihood that an employer may be discriminatorily
selecting foreign-looking or foreign-sounding individuals for such
screening, resulting in increased discrimination without the person
even knowing he or she has been subjected to this unlawful practice.
---------------------------------------------------------------------------
\17\ GAO, SSA, and Temple University Institute for Survey Research
and Westat, supra note 5.
\18\ SSA, Employer Feedback on the Social Security Administration's
Verification Programs, supra note 5.
In 2002, among employees who received a tentative
nonconfirmation from the Basic Pilot, 23 percent said that they were
not offered a job.\19\
---------------------------------------------------------------------------
\19\ Temple University Institute for Survey Research and Westat,
supra note 5.
---------------------------------------------------------------------------
Four years later, in 2006, 42 percent of employees
surveyed reported that employers used the Basic Pilot to verify their
employment authorization before hire.\20\
---------------------------------------------------------------------------
\20\ SSA, Employer Feedback on the Social Security Administration's
Verification Programs, supra note 5.
---------------------------------------------------------------------------
The 2002 evaluation found that 73 percent of employees who
should have been informed of work authorization problems were not
notified.\21\
---------------------------------------------------------------------------
\21\ Temple University Institute for Survey Research and Westat,
supra note 5.
Employers also illegally use the Basic Pilot to verify the
employment eligibility of their existing workforce. The immigration
regulations require employers to reverify workers' employment
authorization in very limited circumstances (including when their work
authorization expires). This has helped minimize the potential
discrimination that may ensue from employers constantly reverifying
only noncitizens or from using the reverification system in a
retaliatory manner. According to the September 2006 SSA-OIG report, 30
percent of Basic Pilot users admitted they had verified the employment
authorization of existing employees.\22\
---------------------------------------------------------------------------
\22\ SSA, Monitoring the Use of Employee Verification Programs,
supra note 5.
---------------------------------------------------------------------------
Employers also take adverse employment action based on tentative
nonconfirmation notices, which penalizes workers while they and the
appropriate agency (SSA or DHS) work to resolve database errors. For
example, the 2002 independent evaluation found that 45 percent of
employees surveyed who contested a tentative nonconfirmation were
subject to pay cuts, delayed job training, and other restrictions on
working.\23\ Some employers also compromised the privacy of workers in
various ways, such as by failing to safeguard access to the computer
used to maintain the pilot system, e.g., leaving passwords and
instructions in plain view for other personnel to potentially access
the system and employees' private information.
---------------------------------------------------------------------------
\23\ Temple University Institute for Survey Research and Westat,
supra note 5.
---------------------------------------------------------------------------
Although employers are prohibited from engaging in these practices
under the MOU they sign, USCIS officials have told the GAO that their
efforts to review and oversee employers' use of the Basic Pilot program
have been limited by lack of staff.\24\
---------------------------------------------------------------------------
\24\ Richard M. Stana, Testimony before the Subcommittee on
Immigration, Border Security, and Citizenship, Committee on the
Judiciary, U.S. Senate, Immigration Enforcement: Weaknesses Hinder
Worksite Enforcement Efforts (Government Accountability Office, June
2006), www.gao.gov/new.items/d06895t.pdf.
---------------------------------------------------------------------------
Provisions That Must Accompany Any Nationwide, Mandatory Employment
Eligibility Verification System
After nearly a decade of experience with the Basic Pilot Program,
it is clear that the existing program has significant flaws that must
be addressed if Congress is to pursue the creation of a new EEVS. The
creation of such a system without addressing the fundamental flaws in
the current program is inadvisable and will result in severe negative
consequences for immigrants and U.S. workers on a much larger scale
than they currently experience.
The following features would address the flaws in the existing
Basic Pilot program.
Phase-in with objective benchmarks.
The best way to ensure implementation of an EEVS that is accurate
and implemented in a nondiscriminatory manner is to set standards and
expectations for system performance up front and to hold DHS and SSA
accountable for meeting those standards. Experience confirms that
federal agencies do not meet expectations if the standards they are
given are vague and optional. Therefore, the EEVS should be phased in
at a reasonable rate, by size of employer, and provide for
certification by the Comptroller General that it meets benchmarks
regarding database accuracy, low error rates, privacy, and measurable
employer compliance with system requirements before implementation and
each phase of expansion.
The EEVS program is particularly vulnerable to poor planning
because of its unprecedented scope and the disconnect between the
agency mandate to get something up and running quickly and the
requirements that would ultimately determine whether it is successful,
such as the need for speed, efficiency, reliability, and information
security. It is much easier to make design changes in a system before
it goes fully online than afterwards. That is why software
manufacturers produce ``beta'' versions of their programs to be tested
in the real world before mass public marketing distribution. Once a
system is designed and put in place for all employers and workers in
our economy, it will be costly and difficult to implement needed
changes.
Antidiscrimination protections.
Experience has taught us that unscrupulous employers will use the
system to unlawfully pre-screen potential employees, reverify work
authorization, and engage in other unlawful activities when an employee
lodges a complaint or engages in collective organizing. It has also
demonstrated that DHS has not prioritized monitoring of employer misuse
of the system, since 10 years after it was first implemented there is
still no system in place for monitoring it. Thus, stronger enforcement
and monitoring efforts and higher penalties for noncompliance are
necessary to compel reluctant employers to comply with the law.
Employers also must be explicitly prohibited from (1) conducting
employment eligibility verification before offering employment; (2)
unlawfully reverifying workers' employment eligibility; (3) using the
system to deny workers' employment benefits or otherwise interfere with
their labor rights, or to engage in any other unlawful employment
practice; (4) taking adverse action against workers whose status cannot
initially be confirmed by the EEVS; or (5) selectively excluding
certain people from consideration for employment due to the perceived
likelihood that additional employment eligibility verification might be
required, beyond what is required for other job applicants.
Due process protections against erroneous determinations.
For the first time in the history of this country, workers will
need to seek approval from the federal government to secure their
livelihood. If the database errors are not improved before the EEVS is
implemented, it is likely that millions of workers could be wrongly
identified as not authorized for employment. It is therefore critical
that workers have access to a meaningful administrative and judicial
review process that provides for remedies such as back pay and
attorney's fees if it is determined that a worker was terminated due to
SSA or DHS error. Additionally, the EEVS must allow individuals to view
their own records and correct any errors through an expedited process
established by SSA and DHS.
Privacy and identity theft protections.
The EEVS must protect information in the database from unauthorized
use or disclosure. It is critical that privacy protections be included
so that the information contained in the databases is not used for
nonemployment eligibility verification purposes. The 2002 evaluation
found several instances where employers or other unauthorized
individuals gained access to the Basic Pilot program for uses other
than the designated purpose. Civil and criminal penalties for unlawful
use of information in the EEVS should also be included.
Studies of and reports on EEVS performance.
Any EEVS should be independently evaluated to ensure that the
program is meeting the needs of both employers and employees. Reports
should specifically evaluate the accuracy of DHS and SSA databases, the
privacy and confidentiality of information in the databases, EEVS's
impact on workers, and whether the program has been implemented in a
nondiscriminatory manner.
Workable documentation requirements.
Proposals to further limit which documents are acceptable to
establish employees' identity must be flexible enough to recognize the
fact that not all work-authorized individuals have the same documents.
Under no circumstances should a REAL ID-compliant driver's license or
ID card be required. No state is currently in compliance with REAL ID,
and indeed 11 states thus far have decided not to implement the law or
have placed significant conditions on their participation.\25\ In
eleven additional states, legislation opposing REAL ID has passed one
or more chambers of the state's legislature.
---------------------------------------------------------------------------
\25\ States include Arkansas, Colorado, Georgia, Hawaii, Idaho,
Maine, Missouri, Montana, Nevada, North Dakota, and Washington.
---------------------------------------------------------------------------
Employment Eligibility Verification Systems in the Context of
Comprehensive Immigration Reform
The two most significant immigration reform bills introduced in the
House and Senate in 2007 include the ``Security Through Regularized
Immigration and a Vibrant Economy (STRIVE) Act of 2007'' (H.R. 1645),
introduced by Representatives Gutierrez and Flake, and the ``Secure
Borders, Economic Opportunity and Immigration Reform Act of 2007'' (S.
1348) currently being negotiated in the Senate. Both bills include a
mandatory EEVS, but there are significant differences between these two
proposals. Most notably, the STRIVE Act makes a real attempt to address
the shortcomings of the Basic Pilot program by including benchmarks, as
well as privacy, antidiscrimination, and due process protections.
Although it is unlikely that the STRIVE Act will be the immigration
bill taken up by the House Judiciary Committee, it is helpful to
analyze its EEVS provisions through the lens of accuracy, workability,
and minimizing the harm to all workers.
The ``Security Through Regularized Immigration and a Vibrant Economy
(STRIVE) Act of 2007''
The STRIVE Act represents the best legislative effort to date to
address the shortcomings of the Basic Pilot program.\26\ Unfortunately,
the bill contains a couple of provisions that would limit its
workability. First, the STRIVE Act significantly limits the documents
that individuals can present to prove their identity when seeking
employment. Most concerning is the requirement that workers present
documents that do not exist, such as a REAL ID-compliant driver's
license and a biometric, machine-readable, tamper-resistant Social
Security card. Former Commissioner Barnhart testified in July 2006 that
the cost of issuing new cards with enhanced security features could
cost approximately $9.5 billion and require 67,000 work years.\27\ This
means that if U.S. citizens, including foreign-born U.S. citizens, do
not have a REAL ID license or hardened SSN, they will have to present
either a passport (passports are held by only approximately 20 percent
of the U.S. population\28\) or a passport card, which is not yet
available. The Brennan Center for Justice estimates that as many as 13
million U.S. citizens do not have ready access to citizenship
documents, such as U.S. passports, naturalization papers, or birth
certificates.\29\
---------------------------------------------------------------------------
\26\ For a summary of the EEVS provisions in the STRIVE Act, see
Employment Eligibility Verification System in the STRIVE Act of 2007
(National Immigration Law Center, April 2007), www.nilc.org/
immsemplymnt/cir/strive_eevs_2007-04-02.pdf.
\27\ Barnhart, supra note 1.
\28\ Phil Gyford, ``How Many Americans Own Passports?,''
www.gyford.com/phil/writing/2003/01/31/how_many_america.php.
\29\ Citizens Without Proof: A Survey of Americans' Possession Of
Documentary Proof of Citizenship and Photo Identification (Brennan
Center for Justice at NYU School of Law, November 2006),
www.brennancenter.org/dynamic/subpages/download_file_39242.pdf.
---------------------------------------------------------------------------
Second, the STRIVE Act requires SSA to disclose private taxpayer
identity information of employers and employees to DHS when DHS
requests this information. Use of confidential tax information to
enforce immigration law can have a negative affect on tax compliance
and has the potential to increase discrimination against foreign-
looking or -sounding workers.
Provisions in the STRIVE Act that should be included in any EEVS
proposal:
Benchmarks for system performance. Before the EEVS is
implemented (and before any subsequent phase-in), the Comptroller
General must study and certify that certain standards have been met,
including database accuracy, measurable employer compliance with the
EEVS requirements, protection of workers' privacy, and adequate agency
staffing and funding. In conducting the studies, the Comptroller
General must consult with representatives from immigrant communities,
among others. The Comptroller General is also required to submit
reports to DHS and Congress on the impact of the EEVS on employers and
employees.
Protections against discrimination. The STRIVE Act amends
section 274B of the Immigration and Nationality Act (INA), relating to
unfair immigration-related employment practices, to explicitly apply to
employment decisions related to the new EEVS. Additionally, it
prohibits employers from misusing the EEVS, increases fines for
violations, brings the INA into line with other civil rights laws, such
as Title VII of the Civil Rights Act, and provides funding to educate
employers and employees about antidiscrimination policies.
Privacy protections. The STRIVE Act requires that
information in the EEVS be safeguarded and that only minimum data
elements be stored. It creates penalties for unlawfully accessing the
EEVS and for using information in the EEVS to commit identity theft for
financial gain.
Due process provisions. The STRIVE Act requires that
workers can view their own records and correct or update information in
the EEVS. DHS also must establish a 24-hour hotline to receive
inquiries from workers and employers concerning determinations made by
the EEVS. The STRIVE Act also creates an administrative and judicial
review process to challenge a finding that a worker is not authorized
for employment (a ``final nonconfirmation''). If, after the process,
the worker is found to be authorized for employment and the error was
DHS's, the worker is entitled to back wages (although not during any
period that the worker was not authorized for employment). However,
attorney's fees and costs are not included--even though employers can
recover up to $50,000 in attorney's fees when they challenge a finding
that they violated immigrant law. Low-income workers are far less
equipped than better-off workers to represent themselves or hire
counsel, and the availability of fees is critical to their ability to
pursue their rights. STRIVE also prohibits a private right of action,
which also would drastically limit workers' ability to correct abuses
and errors of the system.
Annual study and report. The STRIVE Act requires the
Comptroller General to conduct annual studies to be submitted to
Congress that determine whether the EEVS meets the following
requirements: demonstrated accuracy of the databases; low error rates
and incidences of delays in verification; measurable employer
compliance with EEVS requirements; protection of workers' private
information; adequate agency staffing and funding for SSA and DHS.
The ``Secure Borders, Economic Opportunity and Immigration Reform Act
of 2007'' (S. 1348) \30\
S. 1348 falls well short of creating a workable system. Its most
troubling provision is the requirement that the guest worker and
legalization programs for which it provides may not be implemented
until the EEVS (including the use of ``secure'' documentation and
digitized photographs that do not currently exist) is implemented.
Because of this pressure, the focus will be on getting the EEVS up and
running as quickly as possible, rather than on implementing an accurate
system that actually works without adversely impacting authorized
workers.
---------------------------------------------------------------------------
\30\ Amendment 1150 to S. 1348 is the actual text of the bill being
debated; however, there has not yet been a vote on the amendment, so S.
1348 still stands. This analysis refers to amendment 1150.
---------------------------------------------------------------------------
It is expected that an amendment will be introduced this week (to
amendment 1150; see footnote 30) that will improve the EEVS provisions
in S. 1348. Although the amendment will significantly improve the
underlying bill, it will not address the database inaccuracies and will
fall short on due process protections. Concerns with S. 1348 as
introduced include the following:
The implementation timeline is unreasonable and
unworkable. All employers must participate in the EEVS within 18 months
of enactment, with respect to new hires and those with expiring work
authorization documents or immigration status; and within 3 years, all
employers must use the EEVS for all new and continuing employees,
including those in ``Z'' status who have not previously presented
secure documentation. DHS is also given the sole discretion to require
employers to participate at an earlier date than outlined. This rigid
timetable must be met regardless of whether the EEVS actually works and
whether the technology exists to implement it; nor is the timetable
subject to performance benchmarks.
The antidiscrimination protections are weaker than current
law. Current law regarding ``impermissible'' uses of the EEVS would be
weakened under the Senate bill (existing requirements are outlined in
the MOU that employers sign under the Basic Pilot) because the bill
specifically prohibits these ``impermissible'' practices from being
covered under the antidiscrimination protections in the INA by giving
DHS exclusive enforcement authority and funding. Section 274B of the
INA prohibits discrimination based on national origin and citizenship
status, and provides a process for complaints, investigations,
administrative and judicial review, and remedies. It is unlikely that
DHS's policy will include such procedures, since DHS has no expertise
in this area.
The due process protections are insufficient. Under the
administrative review provisions, a final nonconfirmation is stayed
pending the administrative review decision unless SSA or DHS decides
that the ``petition for review is frivolous, unlikely to succeed on the
merits, or filed for purposes of delay.'' This means that the agency
whose administrative decision is being appealed has sole authority to
issue or deny a stay of a nonconfirmation notice while an appeal is
pending. The employee appealing the decision faces irreparable harm
through loss of employment if a stay is denied, and the legislation
does not provide a method for recovery of back pay, costs or attorney's
fees for those who are wrongfully terminated due to SSA or DHS database
errors, including where the agency fails to issue a stay during the
appeal process.
Workers have 30 days from the completion of the administrative
appeal to file for judicial review in the U.S. Court of Appeals.
However, the court can decide the petition based only on the
administrative record, which may be limited. The burden is on the
worker to demonstrate that the agency decision was ``arbitrary,
capricious, not supported by substantial evidence, or otherwise not in
accordance with law.'' Moreover, ``findings of fact are conclusive
unless any reasonable adjudicator would be compelled to conclude to the
contrary.'' That deferential review standard for factual findings is
unwarranted. As with the administrative review process, the court must
stay the final nonconfirmation notice, unless it determines that the
``petition for review is frivolous, unlikely to succeed on the merits,
or filed for purposes of delay.''
The documentation requirements are unattainable. Like the
STRIVE Act, the documentation requirements are heavily focused on state
compliance with the REAL ID Act and a biometrically-enhanced Social
Security card.
Employers, state and federal government agencies, and SSA
are required to turn over to DHS confidential information about
workers. The bill permits data mining of SSA files, tax records, and
other federal, state, and territorial databases covering everyone in
the U.S. Multiple provisions requiring information-sharing give DHS
expansive access to (a) personal employee information held by
employers; (b) birth and death records maintained by states, passport
and visa records, and state driver's license or identity card
information; and (c) as an exception to tax code confidentiality
provisions, SSA records of taxpayers when the taxpayer's SSN or name or
address (for whatever reason) does not match SSA records, or when just
two taxpayers have the same SSN. It also allows DHS to access
``information'' from SSA that DHS ``may require.'' The provisions do
not require independent review, monitoring of disclosure, privacy
protections, notice to workers that their private information or
records have been disclosed, or recourse if overbroad information is
sought or misused.
Conclusion
As stated in the first part of this testimony, based on our
experience, NILC does not support the creation of a mandatory EEVS.
However, when the House of Representatives moves forward with its
immigration reform bill, which will inevitably include a mandatory
EEVS, it is critical that it be guided by the lessons learned from ten
years of experience with the Basic Pilot program. Put simply, if the
shortcomings of the Basic Pilot are not addressed before it is expanded
into a mandatory program, it will be a disaster for workers and
employers, and will put an enormous strain on already overburdened SSA
field offices. Because so much of the focus of EEVS proposals is on
DHS, it will be important for this committee to work closely with the
Judiciary Committee on any comprehensive immigration reform bill that
creates a mandatory EEVS to ensure that SSA has the necessary funding
and resources to carry out its duties. It will also be critical to
ensure that the weaknesses of the Basic Pilot are addressed before it
is expanded, including correcting SSA's database errors, and
implementing a monitoring system so employers do not use the system to
take adverse action against workers.
Chairman MCNULTY. Thank you.
Mr. Amador.
STATEMENT OF ANGELO I. AMADOR, DIRECTOR OF IMMIGRATION POLICY,
U.S. CHAMBER OF COMMERCE
Mr. AMADOR. Thank you. Good morning, Chairman McNulty,
Ranking Member Johnson, and distinguished Members of the
Committee. Thank you for inviting me to testify on EEVS today.
My name is Angelo Amador. I am the Director of Immigration
Policy for the Chamber.
We also chair the Essential Workers Immigration Coalition,
and are on the executive Committee of the Electronic Employment
Verification System working group. That is a business group,
but actually, as Tyler knows, we work very closely with groups
on the left, unions, and this is a system that really is going
to affect everyone, and we really need to work together to make
sure that all of the main issues are addressed.
The concerns of the business community about how this new
mandate is going to affect us cannot be overstated. The
Government Accountability Office, as was said earlier, estimate
that the cost of a new EEVS system that would apply to all
employees would cost about $11.7 billion per year, with
employers bearing most of the cost. Still, the Chamber is
willing to support a new EEVS as a necessary part of
comprehensive immigration reform.
While most of the press has concentrated on the issues of
the undocumented and the new worker programs with regards to
comprehensive reform, employers view the employer verification
system provisions as equally important. In fact, some of my
members view it as the most important part of comprehensive
reform.
As stated in my written testimony, the three issues are
interrelated, and comprehensive reform remains crucial to both
economic and national security for our country. Noted national
security experts have also reinforced that enforcement alone at
any level is not sufficient, and it would not be the solution.
Everyone agrees that the current immigration system is
broken and the status quo is unacceptable. But agreement on a
solution has been harder to find. States and localities have
responded to the lack of action at the Federal level with a
patchwork of immigration laws and enforcement, exposing
employers most deal with a broken legal structure of unfair
liability.
Many states and local governments are attempting to either
force employers and retailers to bear the costs of helping
shield undocumented workers, or are attempting to impose
additional worksite enforcement provisions. must know what
their responsibilities are, and having one Federal law with
strong state law preemption language will help alleviate any
confusion about employers' role under the law.
There are things that can be done immediately without
legislation, such as limiting the number of documents accepted
for verification under the I-9 system. Also, current documents
should be retooled so as to provide employers with a clear and
functional way to verify that they are accurate and relate to
the prospective employee.
As you know, there are more than 27 documents and
combinations of documents that you can use to prove your
employment eligibility. Some of them don't even have pictures.
So, you could technically get a job without showing an ID that
has a picture, and the employer is forbidden, because of the
current anti-discrimination provisions, from asking for other
pieces of ID.
In addition, I would like to mention seven other critical
things that are very crucial for the employer community. There
are some others that are in my testimony, and actually some are
addressed by Tyler as well, that I think are very important.
Just for the time being, I want to mention that, first,
enforcement of employment verification law resides properly
within the Federal Government. Accordingly, the Chamber
maintains that DHS, as the Federal enforcement authority with
responsibility in enforcement of section 274A, which is the one
that we are talking about, should remain.
You may be aware that the Federal RICO statute has recently
been used by private attorneys seeking to enforce immigration
law. Not only does this invade the province of the Federal
Government as sole enforcer of Federal immigration policy, it
also perverts the Federal RICO statute into a use that is
contrary to the intent of the statute. We do not want to create
a trial attorneys relief act.
Second, the power to investigate labor and employment
violations should be kept out a system created exclusively for
the purpose of verifying employment eligibility. The system
needs to be implemented with full acknowledgment that employers
already have to comply with a variety of employment laws. The
Code of Federal Regulations--actually, I looked at it this
morning--is more than 5,000 pages long.
Third, a new verification system should only apply to new
hires. Trying to re-verify the entire existing workforce of
over 140 million employees is a burden that is too high. Again,
I will be happy to talk about the different versions, but the
version of the Senate requires that you re-verify more than 140
million employees.
What we hear from our members, especially those that are
large, is that that is a monumental task. And there are other
ways of doing this. Again, with the turnover today, everybody
will be verified under the system in a couple of years.
Fourth, an employer should also be responsible only to
verify the work authorization of its own employees.
Fifth, an employer needs to be able to affirmatively rely
on the response as soon as possible. We think that 30 days
should be more than enough for DHS or Social Security or
somebody to tell us whether this person is authorized to work
or not.
There are concerns, as you might have heard, and it is in
the testimony, of the cuts that are implied when you have a
tentative nonconfirmation. For one, you cannot fire the worker.
Second, DHS wants to use the fact that this individual that
they told you not to fire to come and investigate and do raids
and other things.
Sixth, penalties must be tailored to the offense, and the
system must be fair. Automatic debarment from Federal contract
is not an authority that should be given to DHS. Indeed, a work
in process already exists in current law under the Federal
Acquisition Regulations.
Finally, let me know that we are concerned about undue
expansion of liability and new causes of actions which we have
seen in some formulations of electronic employer verification
systems. For example, the STRIVE Act, which I agree with Tyler
is probably the best effort right now at trying to address a
workable EEVS, but it still has--it would even make it illegal
for an employer to hire an American or a legal permanent
resident over a temporary worker that should be in the United
States only when employers cannot find enough of the first two.
Discrimination protections should be retained, as in
current law, to comport with the purposes of the program,
monitoring the hiring and firing process, not other terms and
conditions of employment.
Thank you for giving me the opportunity to come before you
today, and I look forward to your questions.
[The prepared statement of Mr. Amador follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman MCNULTY. Thank you.
Ms. Meisinger.
STATEMENT OF SUSAN R. MEISINGER, PRESIDENT AND CEO, SOCIETY FOR
HUMAN RESOURCE MANAGEMENT, ALEXANDRIA, VIRGINIA
Ms. MEISINGER. Mr. Chairman, Ranking Member Johnson,
Members of the Committee, my name is Sue Meisinger and I am
President and CEO of the Society for Human Resource Management.
I appear today on behalf of the more than 200,000 members of
the society, as well as being co-chair of the HR Initiative for
a Legal Workforce. I am grateful for this opportunity.
Our members represent the frontlines on workforce
verification, and therefore offer a crucial viewpoint on the
matter. We fully support and we are committed to the hiring of
only work-authorized individuals through an effective,
efficient, electronic employment verification system.
We also recognize that the current employment verification
system is in need of real reform. In fact, we believe that
verification is the linchpin of really, truly reforming the
immigration system.
As the debate on immigration reform continues, we urge
Congress to carefully consider the implications of any new
employment verification system, keeping in mind that this is
not just a debate about immigration reform. This is a debate
about workplace management, which impacts all employers and all
American workers, not just those who are foreign born.
My remarks will focus on the current employment
verification process, as well as our proposal to create a
potentially alternative effective employment verification
system.
As you know, under IRCA, employers are required to review
documents presented by employees, and after review, required to
attest on a Form I-9 that they have reviewed the documents and
that they appear genuine and authentic.
Even under the best of circumstances, HR professionals
encounter numerous challenges with the employment verifications
of IRCA. They include maintaining the I-9 records when an
employee presents a document that has an expiration date;
verifying the authenticity, the quality, the quantity of
documents presented by an employee for work authorization and
identification purposes; and simply managing the current I-9
system, which is burdensome and time-consuming.
The system is prone to fraud, forgeries, and identity
theft. It is difficult if not impossible for an employer to
differentiate between the legal and illegal worker in this
process. In addition, if an employer questions the validity of
documents too much, they are also vulnerable to potential
claims of discrimination.
Attempting to address the shortcomings of the paper-based
system, Congress created the Basic Pilot Program that we have
heard of this morning in great detail. Under this system,
employers can voluntarily check each new employee's work
eligibility using the electronic verification system, while
also having to do the paper check and maintaining the paper
records.
The system is supposed to respond to the employer within
three days with either a confirmation or a tentative
nonconfirmation of the employee's work eligibility. In the
cases of tentative nonconfirmation, a secondary verification
process lasting 10 days is initiated to confirm the validity of
the information provided and to provide the employer with a
confirmation of nonverification of worker eligibility.
Although it has been operational since 1997, and despite
the best efforts of the people in the government agencies
managing it, we think it is just flat-out inadequate to meet
the U.S. employer's needs in a global verification system.
As we heard this morning, over 92 percent of inquiries from
employers receive an instantaneous employment authorized
response. This means there is a no verification 8 percent of
the time. With 60 million new hires each year, this makes
mandating the system having an impact on about 5 million people
a year, as we have heard as well.
Since a significant percentage of the Basic Pilot queries
require human intervention, a lot of resources are going to be
needed to purge the various agency databases and improve
communication between the agencies. We think this is going to
be problematic.
Employers need the right tools to verify a legal workforce,
but we cannot have HR, and we should not have HR, be America's
surrogate Border Patrol agents. Rather, employers are entitled
to a clear answer to the query whether an employee is
authorized to work, and be able to reply to that response.
We believe that Congress must transform the current paper-
based verification process into a state-of-the-art electronic
system. Specifically, we advocate a system that would verify
identity through additional background checks and the voluntary
use of biometric enrollment conducted by government-certified
private vendors.
The system would be built upon background checks currently
conducted by many employers. Our own survey shows that 85
percent of our members do employment verification checks,
reference checks, to include forensic document examines and
tailored data mining in publicly available databases. An
individual's identity could be locked to biometric or other
secure identifiers through the process. Employees would not
need to present an identity card, just themselves.
Under our proposal, employers would be required to
participate in one or two electronic employment verification
systems. The first would be the current EEVS, but permitting
employers to access the system via phone and internet. The
second would be SEEVS, a more secure electronic employment
verification system. The state-of-the-art system would
identify, through additional background checks and voluntary
biometric enrollment conducted by private employers.
This system, we think, would answer two important
questions: Is the person identified by name, date of birth, and
Social Security authorized to work? Is the person actually who
he or she claims to be?
In the interests of time, I would like to conclude by
encouraging Congress to look at this carefully. We are very
concerned that in the rush to deal with immigration reform,
which we believe needs to happen, that there is a push to just
simply push this verification system through. And the word
chaos, I thought, was apt in describing what we think is going
to happen when this rolls forward.
Thank you.
[The prepared statement of Ms. Meisinger follows:]
Prepared Statement of Sue Meisinger, The Human Resource Initiative for
a Legal Workforce, Society for Human Resource Management, Alexandria,
Virginia
Mr. Chairman, Ranking Member Johnson, Members of the Committee. My
name is Susan R. Meisinger and I am the President and CEO of the
Society for Human Resource Management. I appear today on behalf of the
Society for Human Resource Management. I am also the Co-chair of HR
Initiative for a Legal Workforce. I am grateful for the opportunity to
provide our views on this important issue.
The Society for Human Resource Management (SHRM) is the world's
largest association devoted to human resource management. Representing
more than 217,000 individual members, the Society's mission is both to
serve human resource management professionals and to advance the
profession.
The Human Resource Initiative for a Legal Workforce is a coalition
of human resource organizations and business groups, representing
thousands of small and large U.S. employers from a broad range of
sectors. The HR Initiative includes SHRM, the American Council on
International Personnel, the College and University Professional
Association for Human Resources, the Food Marketing Institute, the HR
Policy Association, the International Public Management Association for
Human Resources, and the National Association of Manufacturers. Our
objective is to improve the current employment verification process by
creating a secure, efficient and reliable system that will ensure a
legal workforce and help prevent unauthorized employment.
Our collective members represent the front lines on workforce
verification, and therefore offer a crucial viewpoint on the matter. We
fully support and are committed to the hiring of only work-authorized
individuals through an effective, efficient electronic employment
verification system.
We also recognize that the current employment verification system
is in need of real reform. In fact, we believe verification is the
lynchpin for true immigration reform. Unfortunately, the current paper-
based employment verification system is inadequate to meet current and
future demands, and current proposals before Congress fall far short of
what is needed.
As the debate on immigration reform continues, we urge Congress to
carefully consider the implications of any new employment verification
system, keeping in mind that this is not just a debate about
immigration reform, it is a debate about workplace management, which
impacts all U.S. employers and all American workers, not just those who
are foreign born.
My remarks will focus on the employment verification process
established in the Immigration Reform and Control Act (IRCA) of 1986,
the state of the current electronic verification system, the Basic
Pilot Program that was enacted in The Illegal Immigration Reform and
Immigrant Responsibility Act (IIRIRA) of 1996, as well as our proposal
to create an effective electronic employment verification system in the
effort to ensure compliance with immigration laws at the worksite, and
to protect the civil rights and privacy of employees.
Mr. Chairman, under IRCA employers are required to review documents
presented by employees within three business days of hire demonstrating
identity and authorization to work in the United States. After
reviewing these documents, employers are required to attest on Form I-9
that they have reviewed the documents and that they appear genuine and
authentic. Under current law, 27 paper-based documents are available to
employees to demonstrate work eligibility, with 12 different documents
authorized under law to prove identity.
Even under the best of circumstances, HR professionals encounter
numerous challenges with the employment verification requirements under
IRCA. These include: maintaining the I-9 records when an employee
presents a document that has an expiration date; verifying the
authenticity, quality, and quantity of documents presented by an
employee for work authorization and identification purposes; and
managing the current I-9 process, which is burdensome and time-
consuming.
According to SHRM's 2006 Access to Human Capital and Employment
Verification survey, 60 percent of responding HR professionals
indicated that they continue to experience problems with the current
verification requirements of IRCA 20 years after its enactment. The
most common challenge cited is ascertaining the authenticity of
documents presented for employment (40 percent).
The current document-based system is prone to fraud, forgeries and
identity theft, making it difficult, if not impossible, for an employer
to differentiate between the legal and illegal worker in this process.
U.S. employers, whether large or small, cannot be expected to
consistently identify unauthorized workers using the existing system,
but they are liable for severe sanctions if these workers find their
way onto the payroll. Conversely, they are subject to claims of
discrimination if they question the validity of documents too much.
The proliferation of false or stolen documents can and does cause
reputable employers to mistakenly hire individuals who are not eligible
to work. At the same time, the lack of certainty and threat of
government-imposed penalties may lead some employers to delay or forego
hiring legal workers who are eligible. In either case, the costs are
high for both U.S. employers and legal workers.
In an attempt to address the shortcoming of the paper-based system,
Congress created the Basic Pilot program for employers to voluntarily
confirm an employee's eligibility to work using an electronic
verification system. Under the Basic Pilot program, employers are
required to review an employee's identity and work authorization
documents consistent with IRCA requirements, including completing all
Form I-9 paperwork. Employers are then required to check each new
employee's work eligibility using the electronic verification system.
The Basic Pilot system is supposed to respond to the employer
within three days with either a confirmation or a tentative non-
confirmation of the employee's work eligibility. In the cases of a
tentative non-confirmation, a secondary verification process lasting
ten days is initiated to confirm the validity of the information
provided and to provide the employer with a confirmation or non-
verification of work eligibility. Employers are not permitted to
terminate individuals that have received a tentative non-confirmation
until the employer has received a final non-verification or the ten-day
period has elapsed.
Although the Basic Pilot has been operational since 1997, and
despite the best efforts of the men and women who administer this
program in the USCIS, we believe it is inadequate to meet the needs of
all U.S. employers in the employment verification process. According to
the Government Accountability Office (GAO), in June of 2005, only 2,300
out of 5.6 million U.S. employers participated in the Basic Pilot in
2004. Even with the relatively low participation rate, the GAO found
that about 15 percent of all queries required additional verification
because the automated system was unable to provide confirmation
responses on the initial attempt.
In April 2007, the United States Citizen Immigration Services
(USCIS) testified before the House Judiciary Subcommittee that that the
total number of participating employers has risen to about 16,000
employers and that ``over 92 percent of inquiries from employers
receive an instantaneous employment authorized response.''
However, these numbers represent only a fraction of the nearly 6
million employers in the United States. According to USCIS, if all
employers were required to enroll in the Basic Pilot within 18 months,
as called for by some proposals in Congress, USCIS would need to enroll
approximately 20,000 employers a day. Expanding this system to cover
all employers as proposed--absent federal certification that the system
is adequately staffed and prepared to handle the increased workload--
will undoubtedly cause confusion, harm productivity, and deny eligible
workers employment opportunities.
Since a significant percentage of the Basic Pilot queries require
human intervention, substantial resources will be needed to purge the
various agency databases and improve communication between agencies.
This problem is likely to be exacerbated if participation increases
from 16,000 to all 6 million-plus employers. As we have seen in other
aspects of immigration adjudication, a substantial increase in
immigration-related caseload without corresponding increases in
resources can lead to major processing delays. Using USCIS's own
numbers of a 92 percent verification rate, millions of authorized
employees' verification for employment could be in jeopardy.
As evidenced in several recent high profile situations, there are
major concerns that the Basic Pilot's accuracy is severely limited by
the proliferation of fraudulent identity documents. This is because the
Basic Pilot system does not verify the authenticity of the identity
being presented for employment purposes, only that the identity
presented matches information in the Social Security and DHS databases.
In testimony to House Judiciary Subcommittee in April, Jack
Shadley, Senior Vice President for Human Resources for Swift & Company
detailed the shortcomings of the ``Basic Pilot'' employment
verification system. Despite the company's hiring processes, which
included participation in Basic Pilot, the government raided six Swift
production facilities on the morning of December 12th, 2006, and
detained 1,282 employees. Many were using stolen identities that could
not be detected by Basic Pilot. This event cost the company more than
$30 million and disrupted communities that Swift has worked hard to
enrich. As Mr. Shadley stated in his testimony:
``It is particularly galling to us that an employer who played by
all the rules and used the only available government tool to screen
employee eligibility would be subjected to adversarial treatment by our
government. These ICE raids once again highlight significant weaknesses
in the Basic Pilot program.''
In addition to concerns with premature expansion of the Basic
Pilot, several Congressional proposals also expose employers to
liability for actions beyond their control, such as the actions of
subcontractors. We strongly believe that U.S. employers should be
liable for their own hiring decisions, not those made outside their
control. Enforcement needs to be vigorous and fair, and should focus on
employers that blatantly ignore the law as opposed to employers who
commit paperwork or technical violations in their attempt to comply.
Employers need the right tools to verify a legal workforce.
However, HR cannot--and should not--be America's surrogate border
patrol agents. Rather, employers are entitled to an unambiguous answer
to the query whether an employee is authorized to accept an offer of
employment. Unfortunately, mandating the current Basic Pilot system
will not meet the needs of employers or employees.
We believe that Congress must transform the current paper-based
verification process into a state-of-the-art electronic system that is
accurate, reliable, cost-efficient, easy-to-use, and shares
responsibility among government, employers and employees. Specifically,
we advocate a system that would verify identity through additional
background checks and the voluntary use of biometric enrollment
conducted by government certified private vendors. According to SHRM's
2006 Weapons in the Workplace, 85 percent of responding HR
professionals indicated their organizations conduct background checks
of potential employees.
This system would build upon background checks currently conducted
by many employers, to include forensic document examination and
tailored data mining in publicly available databases. An individual's
identity could be ``locked'' to biometric or other secure identifiers
through this process. Employees would not need to present a card as
some have advocated, just themselves.
Under our proposal, employers would be required to participate in
one of two electronic employment verification systems:
EEVS--A completely electronic employment verification system
(EEVS) which improves upon the current Basic Pilot system and
permits employers to access the system via phone and internet.
Employers would verify identity by visually examining a limited
number of documents presented by the employee. Employers would
verify work authorization by submitting employee data to the
SAVE system. The verification process can be initiated either
post offer or acceptance of a job by an employee but prior to
the commencement of work or within the first 3 days after work
commences. The databases feeding into the SAVE system must be
upgraded to ensure all information is accurate and updated and
that secondary verifications are completed within 10 days.
Employers would continue to make subjective determinations that
the person presenting the documents is who he claims to be and
that the documents are valid on their face. The current I-9
form would be eliminated. Employers in this system would be
subject to the current range of enforcement efforts and
penalties.
SEEVS--A more secure electronic employment verification system
(SEEVS) that guard against identity theft would be available to
employers on a voluntary basis. This state-of-the-art system
would verify identity through additional background checks and
voluntary biometric enrollment conducted by private vendors.
The employee's work authorization would continue to be verified
through the SAVE databases. By eliminating subjective
determinations of work authorization documents, this system
will eliminate discrimination and simplify enforcement. There
will be only two enforcement questions for the government: 1)
Did you check every employee through the system in a fair and
equal manner? 2) Did the employer make his/her hiring decisions
consistent with information they received through the system?
Employers participating in this system would be deemed to be in
compliance absent a showing of bad faith.
The proposed SEEVS system would prevent identity fraud by
automatically recognizing an individual based on measurable biological
(anatomical and physiological) and behavioral characteristics. The new
system would be able to answer two vital questions:
1. Is the person identified by name, date of birth, and social
security number authorized to accept the employment being offered?
2. Is the person actually who he or she claims to be?
We also believe that any such secure electronic employment
verification system as described above needs to meet standards set by
the National Institute of Standards and Technology (NIST) from a
technology and a privacy standpoint. The SEEVS model for prevention of
identity theft lies in authorizing competing private entities,
certified by the Government with the involvement of NIST, to develop
and conduct the process necessary to verify the identity. The privately
held databases would be protected from disclosure by law and held in a
segregated fashion that would prevent linking of identity to biometrics
without the enrolled person presenting his or her biometrics as the
key.
We do not believe a biometric card is necessary to have an
effective employment verification system. A new biometric card, such as
a Social Security card, would cost billions of dollars to create,
foster visions of a national ID card, and would tax the current
capabilities of the Social Security system. Finally, as we have
discussed and has been demonstrated before through cases such as the
Swift, government-issued identity and work authorization cards
eventually can be counterfeited by those who want to circumvent the
system.
If adequately funded and fairly administered, SHRM and the HR
Initiative believe this new system could eradicate virtually all
unauthorized employment--thereby eliminating a huge incentive for
illegal immigration. It will also eliminate discrimination by taking
the subjectivity out of the verification process.
Finally, we strongly recommend that the Federal Government,
specifically the Department of Homeland Security, take sole ownership
of enforcing immigration laws at the worksite. Recently, partially due
to an understandable frustration on the part of state and local
governments over the lack of immigration control, many jurisdictions
have enacted their own laws on employment eligibility verification.
With all due respect to these states and municipalities, it is the U.S.
Congress that has plenary authority, and the expertise, to deal with
this issue. Moreover, it is extremely hard on employers, especially
ones with presence in several states, to keep up with the various
requirements. Ironically, while law-abiding employers risk exposure
because of inadvertent mistakes or confusion over the different and
possibly contradictory requirements, unscrupulous businesses can
continue to hire off the books with virtual impunity. We suggest that
worksite enforcement must be vigilant, and that the Federal Government
must hold all employers to the same standards and same set of
requirements.
True employment verification is the only way to ensure fair and
equitable treatment for those individuals who should have access to
legitimate jobs. It is essential for a legal workforce and for
America's national and economic security.
Both SHRM and the HR Initiative coalition look forward to working
with the committee on a new verification system that is effective,
secure, easy to use, and in which both employees and employers can
place their trust.
Chairman MCNULTY. Thank you very much.
We have two votes on the House floor. Since this is a 15-
minute vote and we are just at the beginning of it, we are
going to try to hear Mr. Neumann's testimony, perhaps Mr.
Rotenberg. We will get as far as we can before we have to run
over to vote. Then we will do two votes back to back and
reconvene here as quickly as possible, hopefully only detaining
for a 15-minute break.
So, Mr. Neumann may start.
STATEMENT OF PETER G. NEUMANN, PRINCIPAL SCIENTIST, COMPUTER
SCIENCE LABORATORY, SRI INTERNATIONAL, MENLO PARK, CALIFORNIA,
ON BEHALF OF THE U.S. PUBLIC POLICY COMMITTEE OF THE
ASSOCIATION FOR COMPUTING MACHINERY
Mr. NEUMANN. Thank you very much for the invitation to be
here. It is a very important topic, and I hope I can shed some
constructive background on it.
I am speaking on behalf of the USACM, the U.S. Public
Policy Committee of the Association for Computing Machinery,
which is a nonprofit group, over 80,000 people dedicating to
constructive use of computer technology. I also speak as
someone who has over 50 years of experience in research and
development, and a sideline interest of collecting stories on
things that failed.
If you ask me questions about it, I will talk about the IRS
failure, the air traffic control modernization failure, the FBI
virtual case file problems, the deadbeat dads, and so on. There
are just an enormous number of cases in which large systems
collapsed. The first two of those were $4 billion efforts that
were eventually canceled after it was recognized that they
could never succeed.
The task that you are embarking on with a modernization or
upgrading of EEVS reminds me of a metaphor, because if you look
under the eaves, you typically see rodents and termites and dry
rot from roof leaks in a badly built house, or even some of the
well-built houses. You also have ongoing maintenance problems
of having to clean out the gutters, and the liability lawsuits
when the maintenance guy falls off the ladder.
[Laughter.]
Mr. NEUMANN. So it is a much bigger problem than it is
normally conceived. When somebody tells you, yes, we can build
this system, I will give you hundreds of examples of things
that have gone wrong over the years, and reasons why most of
the systems don't work.
If Ranking Member Johnson will ask me about tamper-proof
systems, there are no such things. There might be some tamper-
resistant ones and tamper-evident systems, but some of my
colleagues can break just about anything that has ever been
built.
I would like to very briefly outline some of the more
critical issues. In my written testimony, I go through
considerable detail on things that have to be fixed before this
could possibly work, assuming that it ever possibly could work.
In particular, the sensitive information needs to be
protected. This is an extremely different problem--difficult
problem, rather--because many of the privacy problems are
extrinsic to the system. They involve insiders who have
legitimate access and who can misuse that access, for example.
They are based on computer systems that are not secure, which
means, since you put it on the Internet, you have a great many
problems.
Authentication: Passwords are mentioned. Passwords are an
extremely weak form of protection. We need something much
greater than that, especially when we start sharing across the
Internet.
One of the biggest problems that you are going to face is
the scalability problem. I will give you two examples. The
simplest example is the man who starts out with a hamburger
stand and expands it into a worldwide chain. The logistic
problems, the financial problems, the health problems, and so
on are orders and orders of magnitude more complex. It does not
scale in any reasonable sense.
A more computer-related example is taking MS DOS, which had
no security in it whatsoever, and suddenly saying, we are going
to build a variant of that that is accessible to everybody in
the world over the Internet. There is no security in the
Internet. There is very little security in some of the systems
that we are dealing with. The result of all of that is that we
are living in a world where you cannot really guarantee
anything about protection.
Authentication and accountability are absolutely
fundamental. Oversight. Audit trails. It represents an enormous
problem, but then you have the problem of who can look at the
audit trail, who can modify the audit trail. It should never be
modifiable, of course.
You then have all of the level playing field issues that
smaller organizations may be very seriously disadvantaged,
especially by the realtime requirement, where they don't even
have access to computers at the time that they need it.
So, I think the bottom line here is that experience has
taught us over the years, for those of us who have been deeply
involved in building systems and analyzing them and analyzing
why they don't work, that systems like EEVS are subject to an
enormous number of pitfalls. those are anticipated from the
very beginning, they can never be overcome in an incremental
way.
I think the real problem here is that we tend not to
anticipate all of the problems. We said, oh, let's go and build
this thing. We are told that it can work. Our subcontractors
are all very happy to take our money and build it. And, in
fact, when it doesn't work and it get canceled years later, the
same guys go off and build another system.
So, I think the problems here are ones that you really need
to look at proactively before you engage in any legislation.
So, on one hand, as a technologist, I can say, well, I could
build something that might work in the small. However, when you
scale it up to the massive number of uses over the Internet,
where they are accessible from anywhere in the world, from any
hacker, cracker, terrorist, or anybody else who can either
bring down the system or access it, you have a totally
different ball game than the one that you think you are dealing
with.
Thank you very much for inviting me, and I look forward to
your questions.
[The prepared statement of Mr. Neumann follows:]
Prepared Statement of Peter Neumann, Principal Scientist, Computer
Science Laboratory, SRI International, Menlo Park, California, on
behalf of U.S. Public Policy Committee of the Association for Computing
Machinery
Security and Privacy in the Employment Eligibility Verification System
(EEVS) and Related Systems
This testimony addresses some of the potential pitfalls that should
be considered when planning systems with extensive computer database
applications containing personal information, such as the Employment
Eligibility Verification Systems (EEVS). Many of these concerns are
also applicable to related programs such as US-VISIT and REAL-ID and to
peripheral systems that may depend on EEVS or result from
interconnections among those other systems. Widespread problems have
arisen in efforts to develop complex systems that must satisfy critical
requirements for security and privacy; these problems are also
considered. Furthermore, there is a pervasive tendency to overestimate
the benefits of computer-related technologies as would-be solutions to
societal problems. We should not expect easy technological answers to
inherently difficult problems. People are almost always the weakest
links, although in many cases the system design and implementation
create further weak links. A deep awareness of the long-term problems
is essential before adopting legislation that might promise to help in
the short term.
1. Introduction
Thank you, Chairman McNulty and Ranking Member Johnson, for the
opportunity to testify at today's hearing exploring issues related to
proposed changes to the EEVS. I commend you for exploring the policy
and technology issues associated with current proposals to expand and
make this program mandatory. The computing community has often seen
problems that resulted from policies established without careful
consideration of the inherent limitations of technology. This can
result in serious technical and social hurdles, and can lead to
problems that are difficult to remediate once they have occurred, but
that could have been prevented proactively. We hope that your efforts
can help to avoid such difficulties.
As Principal Scientist in the Computer Science Laboratory at SRI
International (formerly Stanford Research Institute), where I have been
since 1971, and as someone with 54 years of experience related to
computer and communication technologies, I have explored the
intersection of technology and policy in numerous contexts, with a
particular focus on system trustworthiness, security, and privacy
issues. These areas are particularly relevant to the technology and
policy nexus because privacy and equal treatment under law are
fundamental rights; technology can at the same time help secure and
also undermine those rights--depending on the policies and practices
for its use. Privacy and security are inextricably linked. One cannot
ever guarantee complete privacy, but the difficulties are severely
complicated by systems that are not adequately secure. Creating complex
systems that are dependably trustworthy (secure, reliable, survivable
in the face of many adversities, and so on) remains a grand challenge
of computer science. As we review a proposed expansion to the EEVS,
USACM sees a number of issues that should be explored, debated, and
resolved before adopting this massive new system for identity
verification.
This statement represents my own personal position as well as that
of the Association for Computing Machinery's (ACM) Committee on U.S.
Public Policy (USACM). ACM is a non-profit educational and scientific
computing society of more than 80,000 computer scientists, educators,
senior managers, and other computer professionals in government,
industry, and academia, committed to the open interchange of
information concerning computing and related disciplines. The Committee
on U.S. Public Policy acts as the focal point for ACM's interaction
with the U.S. Congress and government organizations. It seeks to
educate and assist policy-makers on legislative and regulatory matters
of concern to the computing community. (See http://www.acm.org and
http://www.acm.org/usacm.) A brief biographical paragraph is appended.
2. Issues of Specific Concern in the EEVS
The information transmitted to and stored in EEVS includes all of
the primary personal identifiers in the U.S. As such, any compromise,
leak, theft, destruction, or alteration of this data would have severe
consequences to the individuals involved, including, but not limited
to, identity theft and impersonation. It is thus essential that the
system be designed, constructed, and operated with the quality of
protection that is essentially that required for classified national
security information.
2.1. Transmission of Information
Any legislation requiring the transmission of personal information
across the Internet should require secure transmission of this
information. Employers and agencies participating in the program should
be required to have strong encryption, strong authentication, or even
elementary security (such as Secure Socket Layer, SSL) for
transmissions to and from employers. Calling out such specific
technologies and details would be inappropriate for statutory language;
however, the legislation should include performance-based standards for
security that limit the exposure of personal information and provide
accountability for every step in handling and processing this
information. This will make it clear to agencies that implement the
system, and employers who use the system, that the security of personal
information is as valued by policymakers as the reliability and
timeliness of responses. In the case of EEVS and many other important
systems, it is much more important to have continuing trust in the
security and accuracy of the information rather than to get results in
the shortest possible time.
We recommend that legislation require that the system be designed
to protect the integrity and confidentiality of information, that an
independent security review evaluation be conducted before the system
is deployed, and periodically after deployment, and that the results of
these evaluations be made public. The systems and their operation
should be required to follow Fair Information Practices. See also
USACM's recommendations for database design (http://www.acm.org/usacm/
Issues/Privacy.htm).
We further recommend that the legislation require security breach
notification: if administrators become aware of any breaches that could
potentially affect personally identifiable information, then they must
publish a disclosure and must notify all individuals who may be
affected. Congress could model this after various state disclosure
laws, such as one recently passed in California.
We also recommend that individuals be notified whenever someone
accesses their records. The cost would be small, relative to other
costs of the system: one letter or e-mail per job application.
2.2. Accountability for Access to Information
Accountability from the end user to the system administrator is
vital in a computing system for ensuring the integrity of the system.
If people are not held accountable for their actions, then policies
intended to curb abuse will be undermined as users circumvent policies
to make their jobs easier. One way of improving accountability in any
computing system is by requiring strong user authentication and access
controls coupled with thorough tamper-resistant and tamper-evident
logging of all activity. In addition, all system accesses should log
who accessed which records, and individuals whose information is stored
should be informed who has accessed their records. This would then
allow concerned individuals to detect misfeasance and improper access
to their records. Each employer should identify a compliance officer
(distinct from EEVS users). The system should automatically detect
unusual user behaviors (to the extent technically feasible) and report
them to compliance officers.
Some strong controls are clearly needed to explicitly bind the
access of a particular request to a specific authorized requestor
acting in a specific role for a specific employer. The same controls
should be applied to the operators of the system. Names, titles, and
SSNs of authorized system users are not enough.
Access controls are also critical if individual employees are going
to access the system to check their own information. Procedures and
policy need to be in place to restrict employees' access to only their
own information. The ability to check the accuracy of one's own
information is very important. However, such accesses also need to be
controlled and audited, at least as extensively as the accesses on
behalf of an employer--particularly to be able to identify systematic
misuses.
2.3. Scalability
To date the system has functioned as a pilot program. The pilot has
about 8,600 employers (June 2006 number) registered, with about half of
those employers considered active users. This is out of about 5.6
million employers (as of 2002) that would eventually use the system
once the law is fully implemented. Just because it seems to work for a
small number of employers does not imply that it would work for all
employers. The scalability of EEVS is a very serious architectural
issue, because it will have to handle at least a thousand-fold increase
in users, queries, transactions, and communications volumes. As a
general rule, each time a system grows even ten times larger, serious
new technical issues arise that were not previously significant.
At present, eight percent of confirmation requests cannot be
handled immediately. This percentage needs to be reduced significantly
as the number of employers increases. This would reduce the frustration
with the system as well as the additional time required for manual
confirmation for those records that could not be immediately verified.
The additional human resources and associated costs necessary to handle
this burden must be taken into account and included in budgets.
In general, it is risky to operate a system outside its intended
design capacity and rely upon it to work under all circumstances,
unless it has been carefully designed and implemented with scalability
specifically in mind. Issues relating to inadequate scalability could
completely compromise the effectiveness of the resulting system.
2.4. Accuracy of Information
The system has weaknesses about the accuracy of information
presented to the system by an employee or employer as well as the
accuracy of the underlying databases.
Speaking to the first kind of inaccuracies--fraudulent documents--
the GAO has indicated that the Basic Pilot cannot effectively detect
identity fraud. Proposals to add a digitized photograph to any
employment authorization document would help make sure the employer
could confirm that the photograph on the documents matched the employee
presenting them. However, it is unclear how much this would reduce
identity theft.
The inevitable cat-and-mouse game that always occurs in security
(an ever upward escalating spiral in measures and countermeasures) is
likely to occur between the security control and those seeking to
commit fraud. As it becomes known that photo verification is a security
feature, obtaining official documents under false pretenses will become
more valuable. This could be done by bribing an insider or providing
fraudulent documents to obtain the identification. The fraud is simply
moved to a different part of the system. We also note that requiring
REAL-ID, as envisioned by the DHS's rules for implementation of the
REAL-ID system, will not solve the insider threat problem. This was
pointed out in USACM's comments on the REAL-ID rulemaking. (See the
``insider threats'' heading in USACM's comments: http://www.acm.org/
usacm/PDF/USACM_REAL_ID_Comments_FINAL.pdf)
Carefully developed standards for digital photographs are
necessary--much like those for driver's licenses--although they will
not be sufficient for the prevention and detection of forgeries.
Serious areas of concern also exist for the second kind of
inaccuracies--bad information in the underlying databases, delays in
entering or revising information, and inconsistencies and name
confusions among different databases. The Social Security database is
known to have a high number of errors in name matches, as well as some
duplicate numbers. For example, the Social Security Administration's
Office of the Inspector General recently estimated that the SSA's
`Numident' file--the data against which Basic Pilot checks worker
information--has an error rate of 4.1 percent. If each of 5.6 million
employers made a query of a different potential applicant, that
percentage suggests that on average more than 200,000 of them might get
false responses.
The other databases the system will rely on will have similar
issues. We certainly recognize and endorse the importance of provisions
that allow individuals to check the correctness of information in the
system that relates to them. However, a better defined process of
correcting any erroneous information would be the necessary next step
in improving the reliability of these databases, and the system as a
whole. The risks of incorrect information are considerable, although
establishing standards and procedures for accuracy to avoid those risks
and to remediate errors and malicious misuse is an extremely difficult
task. Numerous potential employees could be wrongly denied employment
because of inaccurate records, if this problem is not addressed.
Risks of identity theft and privacy violations are also present--
for example, if unauthorized or surreptitious accesses, or even
changes, can be made. Explicit provisions are needed to protect
employees and potential employees from adverse consequences of database
and data entry errors.
Employers should also be held accountable for misuse of their
blanket access privileges, such as using the data for running credit
and insurance checks, engaging in blackmail, and other inappropriate
purposes.
USACM encourages Congress to consider undesirable effects of false-
positive and false-negative results. (A false positive is when a
response indicates someone may be hired, only to be overturned later. A
false negative would be when a response indicates someone has not been
confirmed, only to be shown later to be incorrect.) Given the
possibilities for error, identity theft, and system failure, employers
should be protected from penalties when acting in good faith, and
potential employees should be protected against discriminatory
behavior. This is a policy issue rather than a technical issue, but
directly arises from using an imperfect system as an arbiter.
It must be possible for authorized staff, as well as potential
employees, to challenge incorrect EEVS data and determinations.
2.5 National ID System Concerns
Although there is no national ID card requirement attached to the
EEVS, the connections to various databases are similar to the REAL-ID
system currently proposed by DHS. If the EEVS does store query
information or holds duplicates of information gleaned from the
databases it interacts with, then it will have the appearance of a
national identity system. As the existence of a national ID is not
authorized by the proposed Senate immigration reform legislation, the
Department will need to take care to avoid even the appearance of
providing such documentation. The tradeoffs here are extremely complex,
but are probably already being discussed in other testimony and other
hearings.
2.6. Accessibility Issues
The potential lack of timely and highly available remote access to
EEVS is another concern. Many small employers may not have Internet
access or even computers that would allow them to have access. Examples
might include small shop owners who want to hire clerks, and farmers
who want a few hired hands. Furthermore, access via slow-speed dial-up
connections is not likely to encourage consistent system use. Real-time
confirmation of employability is less likely to occur consistently in
such cases, and in cases of loss of computing or communication
connectivity.
Perhaps even worse, poorly protected systems and poorly trained
users will probably fall victim to ubiquitous security vulnerabilities
and malicious software on the Internet. Many casual or novice computer
system users could become unsuspecting victims of scams, phishing
attacks, identity theft, and so on--as a consequence of being forced to
add computing and connectivity to support use of EEVS.
It is also a certainty that criminal elements will craft phishing
e-mail appearing to originate from the Department of Homeland Security.
This would include pointers (URLs) to what appear to be DHS websites
with the DHS seal and apparent certificates that are essentially
indistinguishable from the real websites. Unsuspecting users who visit
these sites might then be victimized, resulting in significant
financial losses and other serious consequences that typically result
from identity thefts. Skilled identity thieves are likely to be able to
scam the system itself more readily than authorized individuals can
protect themselves or correct data errors.
A further problem is that many of the computer systems used to
access EEVS may not have adequate security, and may have been
compromised. Unfortunately, the security of EEVS itself may be
subverted by the lack of security in other connected systems (which
potentially implies the entire Internet).
For these reasons, despite its possible benefits, EEVS might
actually make identity theft easier and at the same time make
remediation and recovery more difficult.
3. Broader Concerns
The current state of the art in developing trustworthy systems that
can satisfy critical requirements such as security, reliability,
survivability, and guaranteed real-time performance is truly very poor.
This is not a newly recognized problem, and was well documented in 1990
in a report, Bugs in the Program, by James Paul (Subcommittee on
Investigations and Oversight of the U.S. House Committee on Science,
Space, and Technology). Subsequently, I presented four testimonies
(1997, 1999, 2000, and 2001) for various House committees--each of
which suggested that the overall situation had incrementally gotten
worse. Of specific relevance to this testimony was my written testimony
for the House Subcommittee on Social Security, The Social Security
Administration: PEBES, Identity Theft, and Related Risks, on May 13,
1997--now more than 10 years ago. Similar conclusions appear in my
testimonies for Senate committees (1996, 1997, 1998). (These
testimonies are all online, with links from my website, http://
www.csl.sri.com/neumann.)
Software development fiascos abound--including many highly visible
projects that have been late, over budget, or indeed abandoned after
many years and large expenditures. My Illustrative Risks compendium
index (http://www.csl.sri.com/neumann/illustrative.html) cites numerous
examples such as the IRS and Air Traffic Control modernization programs
and the FBI Virtual Case File, to cite just a few. See also the PITAC
report, Cyber Security: A Crisis of Prioritization: http://
www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf.
Privacy problems are also manifold, and becoming increasingly
complex as ubiquitous dependence on computerized databases increases.
The extent to which computer systems and databases can enforce privacy
policies is severely limited by the absence of meaningfully secure
systems, and by the number of privacy violations occurring outside of
the confines of the computer systems. Correctness and timeliness of the
data are also major concerns.
Several problems with identity management must be addressed. The
existing infrastructure is riddled with security and reliability
vulnerabilities, and is not sufficiently trustworthy. Because many of
the privacy problems are related to total systems (encompassing
computers, communications, people, and procedures), they cannot be
adequately protected by technological approaches alone. Identities are
typically subject to masquerading and spoofing. Name confusions such as
alternative spellings and aliases cause major confusions.
Authentication is often compromised by "social engineering" and other
nontechnological bypasses. Authorization is typically inadequately
fine-grained (and worse yet, often supposedly all-or-nothing, but
bypassable). Blanket authorization should be avoided, observing the
Principle of Least Privilege--under which access authorizations should
be restricted to just what is needed to accomplish that intended task
rather than being overly broad.
It is also worth noting that there are cases where identities need
to be masked. Examples include individuals protected under the Federal
Witness Protection Program, individuals granted asylum from other
countries and given new identities, undercover intelligence agents,
undercover law-enforcement agents working criminal cases, and sky
marshals. (Note that the Transportation Security Administration somehow
lost the employee personnel records for 2003-2005.) All of these people
need to have verifiable identities that stand up to any scrutiny,
online or otherwise. Exposure of their real identities may result in
their violent deaths, compromises of national security, and possible
violence to their friends and families. Those individuals will likely
need employment under their alternate identities, and it must be
ensured that any system implemented for EEVS does not endanger their
cover identities. The more that databases become cross-linked, the more
difficult it becomes to prevent errors and leakage of such sensitive
information. Furthermore, such linkages make these database systems
higher-value targets for criminals.
The requirement of masking, aliasing, or otherwise providing
alternative identities seems to create a fundamental conundrum:
maintaining the accuracy of a critical database while simultaneously
undermining its accuracy may impair the accuracy of other data in the
process.
Past legislative efforts for improving accuracy and integrity of
public databases have caused serious problems with the viability of
other systems. For example, the Help America Vote Act mandated
statewide-centralized voter registration databases that must verify the
accuracy of records by matching them with drivers' license records.
States such as California found that the data-matching requirements in
practice led to high rejection rates in some counties, depending on how
strictly the data was interpreted across databases. This had the effect
of reducing, not improving, voter registration list accuracy, because
legitimate voters were removed from the rolls because of address typos
and name variants.
4. Conclusions
The problems identified in this testimony are fundamental in the
context of EEVS-like systems. There are many risks. Essential concerns
for system and data security, system and data integrity, and individual
privacy must be anticipated from the beginning and reflected throughout
design, implementation, and operation. Many potential slippery slopes
must also be anticipated and avoided. Privacy requires a real
commitment to creating realistic policies and enforcing them.
Experience has taught us that the design of information systems is
subject to many pitfalls that can compromise their effectiveness. If
EEVS is not appropriately implemented, it could--like many past
systems--be subject to problems that include, but are not limited to,
the following:
Difficulties in maintaining accuracy, correctness, and
timeliness of the database
Inconsistencies among widely distributed systems with
distributed data entry
A popular tendency to place excessive faith in the
trustworthiness of the system's responses
A common tendency to place excessive faith in the
infallibility of identification, authentication, and access controls to
ensure security and privacy
The lack of scalability with respect to ever-growing
enormous databases, massive numbers of authorized users, and consequent
communication and access limitations
The complexity of requirements imposed by
noncompromisible auditing and accountability, both of which introduce
further problems with respect to system security and integrity and with
respect to data privacy
The complexity of audit trails and notification of
accesses to audit trails themselves
The risks of exacerbated problems that result from
mission creep--as further applications tend to be linked to the
originally intended uses, and as control of the above factors becomes
less possible
Similar risks related to feature creep, with or without
any oversight and audit mechanisms.
``Piggybacking'' by other agencies--e.g., law enforcement
and DHS might want to place silent-hit warnings (as was considered in
the late 1980s for the National Crime Information NCIC system) that
would inform them who was seeking information for anyone who was under
surveillance. Linkages with databases for deadbeat parents, student
loan defaulters, and other applications might also be contemplated.
Each such connection would expand the exposure of the system and the
dangers of incorrect data and data leakage.
Congress should establish clear policies and required outcomes,
rather than prescriptive or detailed technical processes or systems.
The technical challenges to achieving the policies and outcomes should
be fully documented in the Congressional Record of the legislation.
Considerably more focused research is needed on total-system
approaches that address identity authentication, authorization, and
data protection within the context of overall system architectures for
security and privacy. (For example, some promising new developments
enable the use of cryptography to enable certain queries to be answered
without requiring decryption and release of excessive information in
violation of the Principle of Least Privilege. These techniques appear
to be significantly less subject to misuse, including insider misuse.)
Such approaches may be more effective than trying to rely on biometric
and other devices whose effectiveness may be compromised by
technological or operational flaws in the systems in which they are
placed and errors in human judgment. Finally, incentives are needed to
ensure that research and innovative prototypes are relevant to the
real-world problems and to ensure that these advances find their way
into the development and operation of practical systems.
Although similar comments can be made about REAL-ID and any other
national identification systems, all of these concerns are specifically
relevant to systems such as EEVS.
We have not attempted to be complete here, but rather to focus on
the main issues. There are many relevant reports of the Government
Accountability Office, the National Research Council, and other sources
that I hope you have already seen. Whereas USACM and I speak from a
technical perspective, we recognize the political imperatives regarding
immigration and employment. We urge the Congress to focus on creating
the right incentives for operators and employers that maximize
achievement of our immigration laws and each citizen's right to work
while minimizing privacy invasion, ID theft, and criminal activity. In
this effort, technology should be seen as a supporting block, not the
keystone of the arch.
We look forward to any further questions that might arise from your
reading of this written testimony or from my oral testimony.
Acknowledgments
I am particularly grateful to Cameron Wilson (ACM Director of
Public Policy), David Bruggeman (USACM Public Policy Analyst), Eugene
Spafford (USACM Chairman, and Professor at Purdue University), Jim
Horning, and many other members of USACM for their generous help in my
preparing this testimony on rather short notice.
Contact Information
Peter G. Neumann
SRI International, Computer Science Laboratory
Menlo Park CA 94025-3493
[email protected]
http://www.csl.sri.com/neumann
Personal Background Information
Peter G. Neumann ([email protected]) has doctorates from Harvard
and Darmstadt. His first technical employment was working for the U.S.
Navy in the summer of 1953. After 10 years at Bell Labs in Murray Hill,
New Jersey, in the 1960s, during which he was heavily involved in the
Multics development jointly with MIT and Honeywell, he has been in
SRI's Computer Science Lab since September 1971. He is concerned with
computer systems and networks, trustworthiness/dependability, high
assurance, security, reliability, survivability, safety, and many
risks-related issues such as voting-system integrity, crypto policy,
social implications, and human needs including privacy. He moderates
the ACM Risks Forum (comp.risks), edits CACM's monthly Inside Risks
column, and is the Chairman of the ACM Committee on Computers and
Public Policy (ACM-CCPP), which serves as a review board for RISKS and
Inside Risks and is international in scope. He is also a member of
USACM, which is independent of ACM-CCPP. He created ACM SIGSOFT's
Software Engineering Notes in 1976, was its editor for 19 years, and
still contributes the RISKS section. He has participated in four
studies for the National Academies of Science: Multilevel Data
Management Security (1982), Computers at Risks (1991), Cryptography's
Role in Security the Information Society (1996), and Improving
Cybersecurity for the 21st Century: Rationalizing the Agenda (2007).
His book, Computer-Related Risks (Addison-Wesley and ACM Press, 1995),
is still timely--including many of the problems discussed above. He is
a Fellow of the ACM, IEEE, and AAAS, and is also an SRI Fellow. He
received the National Computer System Security Award in 2002 and the
ACM SIGSAC Outstanding Contributions Award in 2005. He is a member of
the U.S. Government Accountability Office Executive Council on
Information Management and Technology, and the California Office of
Privacy Protection advisory council. He has taught courses at
Darmstadt, Stanford University, the University of California at
Berkeley, and the University of Maryland. Neumann chairs the National
Committee for Voting Integrity (http://www.votingintegrity.org). See
his website (http://www.csl.sri.com/neumann) for prior testimonies for
the U.S. Senate and House and for the California state Senate and
Legislature, publications, bibliography, and further background.
Dr. Neumann is Principal Investigator for two SRI projects that are
relevant to this testimony:
Privacy-Preserving Credentials, one of several
subcontracts from Dartmouth College, Assessable Identity and Privacy
Protection, funded by the Department of Homeland Security, 2006-CS-001-
000001-02, FCDA #97.001. The SRI project is part of a collaborative
team project jointly with the University of Illinois at Urbana-
Champaign, Cornell, Purdue, and Georgia Tech. The project is
contributing some highly innovative cryptographic research and
extensive system experience to the application of practical techniques
for advanced identity management with demonstrations of applications
that will include health care and finance but that have significant
relevance to identity management generally.
A Center for Correct, Usable, Reliable, Auditable and
Transparent Elections (ACCURATE), NSF Grant number 0524111. ACCURATE is
a collaborative effort with colleagues at Johns Hopkins, Rice, the
University of California at Berkeley, Stanford, the University of Iowa,
and SRI. It is examining techniques and approaches for voting systems,
with particular emphasis on security, integrity, and privacy. SRI
Neumann contributes to the following DHS project:
Cyber Security Research and Development Center (CSRDC),
Department of Homeland Security, Science and Technology Directorate,
DHS Contract HSHQDC-07-C-0006 to SRI International. CSRDC is providing
extensive support for S&T Program Manager Douglas Maughan's R&D
program. (http://www.csl.sri.com/projects/csrdc and http://
www.cyber.st.dhs.gov)
Chairman MCNULTY. Thank you very much.
The Members will now run over to the House floor to vote.
There are 5 minutes left on this vote, and the next vote will
be directly afterward, so we should be able to vote and
hopefully only be gone for 15 minutes. When we return, we will
hear from Mr. Rotenberg, and then allow for questions. Thank
you for your patience.
[Recess.]
Chairman MCNULTY. The hearing will come to order. Sorry for
the delay. We know that your time is very valuable, and we very
much appreciate the fact that you are spending some of it with
us here today.
We have heard from the first four witnesses on this panel,
and we will now hear Mr. Rotenberg.
STATEMENT OF MARC ROTENBERG, EXECUTIVE DIRECTOR, ELECTRONIC
PRIVACY INFORMATION CENTER
Mr. ROTENBERG. Thank you very much, Chairman McNulty and
Ranking Member Johnson, Members of the Subcommittee. Thank you
for the opportunity to testify today.
My name is Marc Rotenberg. I am Executive Director of the
Electronic Privacy Information Center. We are a public interest
research organization here in Washington, D.C. We track
emerging privacy issues. We have also frequently been before
the Subcommittee to discuss the privacy impact of proposals
that involve the use of the Social Security number and SSA
records.
We recently did a detailed report on the employment
verification systems that are contemplated in both the Senate
and the House bills. That report is simply titled, ``National
Employment Database Could Prevent Millions of Citizens from
Obtaining Jobs.'' I would like to add that it be included in
the hearing record as part of my statement, if that is okay.
Chairman MCNULTY. No objection.
Mr. ROTENBERG. Thank you. I would like to today highlight
the key findings of our report. The central conclusion that we
reached is that the employment verification system has
significant weaknesses. It will pose enormous burdens for
employers, and put the privacy rights of American workers at
substantial risk.
It will also give the Federal Government an extraordinary
amount of new power over the lives of Americans, as well as
greatly expand the role of the Department of Homeland Security
in the American labor force.
I want to say a word about the Department of Homeland
Security. As Mr. Johnson mentioned earlier, there is, of
course, this very significant concern about the misplaced disk
drive that contained the employment records of 100,000 TSA
employees who had been hired between January 2002 and September
2005. I think it is important to understand the significance of
this particular incident.
You have heard a great deal of testimony this morning about
the problem of record accuracy. No doubt, if you scale up the
Basic Pilot Program, the number of workers who may face
determinations that say they may not be eligible to work unless
they, in effect, clear their status is going to grow
dramatically.
You haven't heard very much about new threats to privacy
and security that these proposals raise. I believe that is a
key problem that the Department of Homeland Security has helped
identify because by misplacing the records that they did on the
TSA employees, they have, in effect, brought attention to the
problem of identity theft and security breaches, which are
significantly increasing in the United States. In fact, the
Federal Trade Commission has reported that identity theft is
now the number one concern of American consumers. A big
contributor to that problem is the extraordinary collection of
personal information.
I will say a few words about the current design of this
system. As other witnesses have noted earlier, the proposal to
consolidate so much personal information in these centralized
government databases does significant increase the risks to
privacy.
Now, it is our view that the SSA has done a good job over
the years trying to narrow the use of the Social Security
number and Social Security records for the appropriator
legislative purposes. Of course, when another agency comes
forward and proposes new expanded uses of the Social Security
number, then new privacy issues arise.
Now, both bills state that the database access will be
limited to authorized users only. However, it is very easy to
understand the circumstances under which others could get
access to these record systems. Dr. Neumann has described the
various ways under which computer systems can be compromised
through weak security. It is also a result of the insider
access to the record systems that would result as well.
I would like to say a word about the role that the REAL ID
act plays in the legislation that is under consideration in
both the Senate and the House. As you know, there is a lot of
opposition to the implementation of the REAL ID Act. The
statute, which was passed in February of 2005, went forward
without a vote, without a public hearing.
Since that time, more than a dozen states have passed bills
to oppose the implementation of REAL ID in their states. Four
states have actually said that they would not have a REAL ID
requirement.
Now, this is a fact worth keeping in mind as you look at
these legislative proposals because the Department of Homeland
Security is proposing that the REAL ID document be used as one
of the ways to establish employment eligibility. In fact, the
Senate bill would make non-REAL ID-compliant documents of no
use for establishing employment eligibility by the year 2013,
which means you could actually have a situation, if the
legislation passes and REAL ID is not implemented, that there
would be no documents available to authenticate employment
eligibility.
Well, let me conclude, Members, if I may briefly with a few
key recommendations. I think there are some things that could
be done.
Obviously, the data accuracy issue has to be addressed
before the system is scaled. I think the systems of
accountability for the dramatically expanded role for the
Department of Homeland Security, particularly the ability to
essentially require biometric identification and perhaps the
collection of fingerprints, that needs to be examined. I think
the REAL ID provision needs to be revised.
Finally, these proposals, very costly proposals, to try to
make the Social Security card tamper-proof, incorporating
biometric identity factors--even if those were to go forward,
as other witnesses have testified, I think you would be right
back in a couple of years trying to design a new card when the
flaws in the current card are uncovered.
Thank you very much for your time.
[The prepared statement of Mr. Rotenberg follows:]
Prepared Statement of Marc Rotenberg, Executive Director, Electronic
Privacy Information Center
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman MCNULTY. Thank you, Mr. Rotenberg. Thanks to all
of you for your testimony, and for the clarity of your
testimony. As a matter of fact, I had a number of questions
prepared for several of you, but you answered them quite
clearly in your testimony.
I do want to ask Ms. Moran, because we have been discussing
the database discrepancies in the abstract, if you could
provide us with a real-life example of how the problems with
the databases affect people.
Ms. MORAN. Sure. We provide technical assistance to a lot
of labor unions and immigrant organizations across the country.
In fact, we just got a technical assistance call last week from
a woman in North Carolina. She is Honduran. She had temporary
protected status. She was work-authorized. She presented her
documents. She worked at a hog plant. When the company put her
information in the system, SSA said the stuff didn't match.
The long story short is from January to April she went back
to Social Security Administration four times to try to fix the
error in the database. Because it wasn't fixed, ultimately the
company fired the woman and she was without a job.
So today, she could theoretically go to another company and
get a job, but under this new system, if she were fired, she
wouldn't be able to go get a new job. Under the proposal that
is in the Senate right now, she wouldn't be able to get back
wages. She wouldn't be able to get attorneys fees. She could be
out of--a low-income worker could be out of a job for a number
of months.
So, that is just one example of many to show, really, it is
pretty serious, talking about people's livelihood here.
Chairman MCNULTY. Thank you. We just received information
that there was a cloture vote in the Senate, and it failed 55
to 42. There is going to be another vote at 5:00, so there is a
very real question about how far this bill is going to go now.
If it goes anywhere, we want to be prepared for it.
I will now call on the Ranking Member of the Subcommittee,
Mr. Johnson, to inquire.
Mr. JOHNSON. Thank you, Mr. Chairman. I appreciate that.
I wonder if all of you could comment, maybe. Many have
advocated the use of biometric ID as an effective way to
confirm a person's identity. I would like your comments and
what you think of a biometric ID. Is it the right or wrong way
to go, and why?
Ms. MORAN. I will refer to the technology people on that.
Ms. MEISINGER. I believe that there is some use of
biometric information. I think it should be voluntary for the
employers who can afford to develop the system and work with
the system, but I think the technology is there. I think
biometric information has the advantage of being carried with a
person wherever they go, and you don't need a card for it if
you can have it locked in with other identification that may be
in the system.
I think there are ways now--and I am not a technologist so
I am going to defer--to build a system where it is not
centralized in one government agency, which I agree, I think,
is very troublesome to many people, the thought that this would
all be in some centralized database.
Right now companies do reference checks on a regular basis.
Data mining takes place. They go out with public data sources--
where people lived, whether their house was on that street,
what the name on the mortgage was--those sorts of things in
terms of to link the person.
I just think that what we would like to see is some
technology experts coming together, privacy as well as
employers and government, to sort through what is possible that
balances. I don't think there is anything that we will ever
develop that provides an absolute protection against privacy
because you can't control people's behaviors, but I think there
are ways to design something that gets closer to what everybody
is trying to get done than what is being proposed here.
Mr. JOHNSON. Well, I will tell you, when we had the eye
scan out at the airport, which Homeland Security can't get back
in again, as you know, I used to like to go to the airport
because I would look in that thing and it would say, hello, Mr.
Johnson.
Mr. AMADOR. I have to say that from our perspective, as was
just mentioned, it should be voluntary, because the employers
are of different sizes and levels of sophistication. Most
employers in the United States do not have an HR division and
an inside legal counsel.
So, what might be easy for one of the over 7 and a half
million employers in the United States, about 2 million of
those are basically self-employed individuals. Those machines
are actually right now, and maybe the technology would improve
and it will be cheaper, as has happened with computers and
others, but right now those card readers are very expensive for
somebody to----
Mr. JOHNSON. Well, you are advocating a private enterprise
operation versus government, I think, in that instance.
Mr. AMADOR. Correct.
Mr. JOHNSON. Yes. Dr. Neumann?
Mr. NEUMANN. I would like to generalize your question just
a little bit because when you start to talk about biometrics,
the question is, how are they embedded in the overall system?
You have the problem of nonsecure operating systems and
application software, you have the problem of supposedly smart
and secure and tamper-proof smart cards that aren't, and then
you have the biometrics.
Well, some biometrics are actually potentially pretty good.
When they first put the photo and the face recognition stuff in
the Palm Beach Airport, they could only recognize 40 percent of
the people. We are photographed with perfect lighting, and that
system was a failure. Well, then, we will increment it up a
little bit, and we will get it to 50 and 60 and 70, but most of
these systems have the fundamental problem. The gummy bear
story is one of the examples of the fingerprint system. There
was a demonstration at Asiacrypt a couple of years ago where
somebody had taken essentially an imprint of a thumb on a gummy
bear and was able to get through all of the fingerprint
detection systems that were being demonstrated.
Mr. JOHNSON. Really?
Mr. NEUMANN. The next version of that is you cut off the
thumb, of course, and----
Mr. JOHNSON. Well, according to you, there is not a system
that can be devised that can't be circumvented.
Mr. NEUMANN. Well, one of my colleagues has in fact
essentially broken every smart card. This is Paul Kotcher, who
has done differential power analysis. Just by determining the
power consumption of the crypto chip, he can extract the secret
key. There are some high tech solutions, but I think we are in
this escalating spiral, where we continually believe that if we
throw more technology at it, it will solve the problem. Then
there turns out to be an utterly trivial countermeasure that
completely defeats it.
In many cases, it is, for example, that a cryptography key
is stored in memory or a password is pasted up on a Post-It.
So, in many cases, it is a very simple attack. Here you have
built this very complex system, and discovered that there is
some utterly trivial way of breaking it.
Mr. JOHNSON. Thank you. Mr. Rotenberg, do you have a
comment?
Mr. ROTENBERG. Yes. I was just going to say briefly that
one of the obvious problems with the biometric identifiers is
that when they are compromised, you have a real problem. You
can change a credit card number or a bank account number, but
it is not so easy to change the digital representation of your
fingerprint or your eye scan.
It was interesting to us also because we have been studying
the identity systems that the Department of Homeland Security
has been pursuing. One of the identity systems that they
developed, the digital access card, the DAC, was originally
designed with only a biometric identifier. They decided that
was actually a too-risky approach for Federal employees, so
they have included a PIN number as a backup to the biometric. I
think it is a recognition on their part that there are going to
be problems with biometrics.
Mr. JOHNSON. Thank you. Thank you, Mr. Chairman.
Chairman MCNULTY. Thank you.
Mr. Brady may inquire.
Mr. BRADY. Thank you, Mr. Chairman. Thanks for holding this
hearing. I think this is one of the most overlooked issues in
the Senate debate right now, and may be an area where this
Committee can play a big role in this whole debate.
Listening to the panel, the second panel, I think they have
exposed two myths in this discussion. The first is that any
Federal agency will be ready in 18 months to reliably and
accurately verify employment and identification. It is not a
criticism of the agencies. The task is simply overwhelming. The
data that is currently available is unreliable. The pilot
programs we have had in place have too many question marks. It
is like we are trying to stand an elephant on a toothpick and
hoping it will hold. It likely won't, and we know it in
advance.
The second myth is that any single document, including a
national ID card, is necessary or in fact desirable in this. I
am not in the black helicopter caucus, but the truth is I think
using multiple documents tailored more--the truth of the matter
is some workers will be very easily verifiable. Others will be
very difficult. We ought to have a system that is flexible
enough to deal with that, and it seems this Committee Chairman
ought to be exploring some innovative partnership between
government and the cutting-edge private companies that are
today verifying ID instantaneously, both for companies and for
the government itself; find a way where it is more
decentralized so you don't have a single, as Dr. Neumann said,
hacker, cracker, or terrorist, I think was the phrase, able to
break it. We have examples today.
Two questions. Mr. Amador, GAO says the cost of a
completely verifiable system will be about $11.7 billion a
year, much of it borne by employers and workers. Can you talk a
little about that?
Ms. Meisinger, Mr. Ryan wanted to ask about the background
checks that help confirm identity. From what databases do they
draw?
So, Mr. Amador.
Mr. AMADOR. Yes. Last year--actually, in 2005, GAO
testified and they said it would be that much. I since have
called them, and I was trying to find out, well, how do you
split it up? They didn't have a rigid split, but what they
said, that would be the cost because you will be adding 96
percent of employers to a system. You have to find out a way of
also making it telephonic.
So, they said that in addition to considering the fact that
you have to hire more verifiers, modernize the system, and
purchase and monitoring additional equipment, employers would
also need to train employees to comply with the new law
requirements and devote a great deal of human resources staff
to verifying and re-verifying the workforce.
Currently, under the I-9 system, the estimate is that we
spend about 12 million working hours verifying the 50 to 60
million of individuals that are hired, either--some people are
hired more than once in a year. Some people have more than one
job, but somebody is doing the hiring.
There is also the cost of keeping these documents, filing.
The requirements in the Senate right now, which we know are too
many, too much, are requiring that you keep these documents for
like 7 years. We think that is obviously too long, especially
when you have a turnover rate that is very high.
Resolving data errors is going to be a new additional cost
that is going to be more complicated and expensive than it is
under the current system. A new issue is going to be dealing
with wrongful denial of eligibility when you get a tentative
nonconfirmation.
What they are looking at is the employer is going to have
to start making calls because of course you cannot fire the
individual until you go through the entire process. In the
Senate version, the shortest period that it could take is 152
days. So, you have an employer dealing with days and an
employee that is going to have to be taking time off from work
to go in person to an SSA office to try to resolve all these
things.
So, when they put all of these things together, they are
just not looking at how much the one inquiry costs. They are
saying, well, how did the entire thing cost? How much was spent
in hours from the employer's perspective and from the employee
perspective in addition to the government's perspective? And
that is when, again, they were using that number when they were
trying to ask for more funding. I notice that now they are
trying to use lower numbers.
It is also important to mention that I think the number is
based on the study that came in 2002, the Westat study that
everybody--the independent study that has been mentioned
before. There is a new study. Tyler mentioned it. The Chamber
has been trying to get a copy of it. DHS has it, and we would
like to have your help in trying to find out if they maybe
broke down this number, and some other information in it.
Mr. BRADY. Thank you.
Ms. Meisinger, I am not suggesting background checks on
everyone. The point is, oftentimes using multiple sources you
can verify quicker and more accurately.
Ms. MEISINGER. I think if you think of some times when
you've gone online and people ask you for background questions
that you might answer--mother's maiden name, street that you
lived in when you were young--those sorts of things are really
embedded in databases that exist in a public format.
I think that would be the recommendation, that it would be
public formats, public databases. Criminal records are one that
reference checkers always go into and look at. Depending on the
level of depth that you are going through, you will go to the
FBI. Sometimes it will just be local. It depends on the job.
There are state laws now that require this sort of in-depth
background check for certain types of jobs. If it is somebody
working with children, frequently they will have a much more
in-depth background check to try and make sure they know
everything they can know about that person, including that the
person is who they say they are.
Mr. BRADY. So, you use different sources for different
types of jobs and different needs.
Ms. MEISINGER. Different sources. Right.
Mr. BRADY. Which I think it would be difficult to
accomplish by people in the single agency or double agency.
Ms. MEISINGER. Well, and I think right now you have got
credit companies, check companies that track people's credit
history. There is a competitive market to try and make sure
that you are the most accurate, the most reliable, respond the
quickest to the customers. I think you want to build that same
sort of environment.
Mr. BRADY. Right. Thank you.
Thank you, Mr. Chairman.
Chairman MCNULTY. Thank you very much. On behalf of Mr.
Johnson, Mr. Brady, and all the Members of the Committee, we
want to thank each of you for your expert testimony. It has
been extremely helpful.
We would ask that as the process moves forward, we may keep
in contact with you for your response to questions by our
Members and our staff outside of the formal setting of a
hearing, so that we are able to contact you on a more immediate
basis.
I would just like to say for myself that as I have looked
at the Social Security agency and the many challenges that it
faces, we have been tremendously distressed with the lack of
progress on the issue of the disability backlog, which we have
been trying to work on for a long time now.
I think it is an unmitigated disaster and I don't want to
see it compounded by another disaster. If you can help us in
that regard, we are deeply grateful.
This Committee hearing is adjourned.
[Whereupon, at 12:17 p.m., the hearing was adjourned.]
[Submission for the Record follows:]
On behalf of the 11,000 front-line Border Patrol employees that it
represents, the National Border Patrol Council thanks the Subcommittee
for holding a hearing to examine various methods of verifying the
employment eligibility of workers in the United States. There is now
near-universal agreement with the 1994 finding of the U.S. Commission
on Immigration Reform that ``reducing the employment magnet is the
linchpin of a comprehensive strategy to reduce illegal immigration.''
There is no consensus, however, regarding the best method for
accomplishing that goal. The Immigration Reform and Control Act of 1986
made it a crime to hire illegal aliens, but failed to provide employers
with a simple and effective means of verifying the authenticity of the
numerous documents that were permitted to be used to prove eligibility
to work in this country. Thus, it is nearly impossible to establish
that an employer ``knowingly'' hires illegal aliens, rendering the
current law largely unenforceable and meaningless.
The Illegal Immigration and Immigrant Responsibility Act of 1996
required the Attorney General to conduct three pilot programs of
employment eligibility confirmation: the basic pilot program, the
citizen attestation pilot program, and the machine-readable-document
pilot program. Of these, the basic pilot program, now known as the
Employment Eligibility Verification System, has emerged as the most
widely-utilized system. Although it is relatively inexpensive and easy
to use, it is also extremely susceptible to identity fraud, wherein
legitimate information is used by imposters. This was highlighted by
the recent Bureau of Immigration and Customs Enforcement raids against
several Swift & Company plants, in which nearly thirteen hundred people
who were cleared to legally work under the provisions of the Employment
Eligibility Verification System were arrested for being in the country
in violation of our immigration laws. Although the current amount of
fraud under that system is relatively low, that is due to the fact that
only a very small percentage of companies are participating in the
program, and most illegal aliens opt to seek employment in companies
that do not use it. If its use became mandatory, however, the amount of
fraud would undoubtedly increase exponentially. The Federal Trade
Commission estimates that about ten million Americans are victimized by
identity theft annually. With such a large universe of compromised
identities to draw from, criminals would have no problem supplying
illegal aliens with new identities to circumvent the system. Moreover,
the information contained in the Social Security Administration's
databases contains a number of inaccuracies, especially concerning
citizenship. In fact, a recent study by the Office of Inspector General
of the Social Security Administration found that at least 100,000 non-
citizens are provided with bona fide Social Security numbers every year
based on invalid immigration documents. That report also acknowledged
that the agency has no way of knowing how many Social Security numbers
have been improperly issued to illegal aliens.
The other two employment eligibility confirmation pilot programs
suffered from similar shortcomings. The citizen attestation pilot
program was limited to non-citizens, and was not designed to verify the
validity of claims of citizenship, but only identity. Thus, this
program was by far the most vulnerable to fraud, as well as the least
useful of the experimental programs. The machine-readable-document
pilot program relied upon State-issued identity documents that met
specified criteria, and matched that to the information contained in
Social Security Administration and Immigration and Naturalization
Service databases. Because only one State's driver's licenses met the
specified criteria at that time, this test was quite limited in scope.
Moreover, its reliability was diminished by its reliance upon the
aforementioned incomplete and inaccurate databases.
The National Border Patrol Council believes that it would be unwise
to expand any of these experimental systems, but rather recommends that
the lessons learned from them be used to construct a workable and
effective system.
Such a system must utilize a single, counterfeit-proof, machine-
readable document that contains a recent digital photograph, as well as
embedded biometric information. Since every authorized worker in this
country is issued a Social Security number, the logical choice for this
document is the Social Security card. Instead of relying upon
information contained in one or more incomplete or inaccurate databases
to check for employment eligibility every time a person applies for a
job, the system should verify that information conclusively prior to
issuing the new secure document. Then, when an applicant presents the
employment eligibility document to a prospective employer, the only
check that would need to be made is a determination of whether or not
the document is genuine, and that could easily be accomplished through
means of an electronic reader. At the same time, this process would
provide the Department of Homeland Security with a record of all
employment inquiries, which would facilitate its worksite enforcement
efforts. It would be a simple matter for investigators to spot-check
for compliance by matching employment inquiries with payroll and income
tax withholding records.
H.R. 98, the ``Illegal Immigration Enforcement and Social Security
Protection Act of 2007,'' would mandate the establishment of such a
system, and would also provide the enforcement mechanism and resources
to ensure compliance therewith. This would effectively eliminate the
employment magnet, allowing the Border Patrol and other law enforcement
agencies to concentrate their scarce resources on stopping terrorists
and other criminals from entering the United States. Such a system
would have the added benefit of greatly reducing the amount of identity
theft involving Social Security numbers.
The consequences of inaction and/or delay are dire. Open borders
are an open invitation to further terrorist attacks. These measures
need to be enacted swiftly in order to safeguard our Nation.
�